THE SCOPE AND THE PURPOSE OF THE POLICY

In order to be in compliance with the Law on Personal Data Protection numbered 6698 (“KVKK”), published on the Official Gazette numbered 29677, dated 07.04.2016 and the related legal regulations, in the context of the obligation to inform to data subjects, the Policy herein has been made available for the applicable procedures and principles adopted by our Company

About your personal data processed at our Company; the practice and basis regarding your personal data processed, the principles of processing of personal data, the purposes and conditions of processing of personal data, transfer of your personal data to domestic/abroad, destruction of your personal data, are explained below.

OLGUN MEDİKAL İNŞAAT VE TİCARET LİMİTED ŞİRKETİ (hereinafter referred to as “Olgun Medikal”), will treat in accordance with the principle and process stipulated under this Policy, in respect of being compliance with KVKK and other related regulations and processing, destructing, transferring, using personal data or other cases, pursuant to the law and other related regulations.

This policy can be updated from time to time as per the changes applicable to the situations or/and legal regulations. In the case of any updating, the Company will notify it via its website or through other way. 

DEFINITIONS

 

 

Explicit consent:  

Freely given, specific and informed consent

Anonymizing :

Rendering personal data impossible to link with an identified or identifiable natural person, even though matching them with other data.

Personal data:

All information relating to an identified or identifiable natural person.

Processing of personal data:

Any operation performed upon personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making retrievable, classification or preventing the use thereof, fully or partially through automatic means or provided that the process is a part of any data registry system, through non-automatic means

Data Subject:

The natural person, whose personal data is processed

Special categories of personal data:

Personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, data concerning health, sexual life, criminal convictions and security measures, and the biometric and genetic data are deemed to be special categories of personal data. Special categories of personal data, if obtained by others, can leave the data subject open to discrimination or unfair treatment. For this reason, sensitive personal data merit specific protection than other personal data.

Processor          :

The natural or legal person who processes personal data on behalf of the data controller upon his authorization

Data Controller:

The natural or legal person who determines the purpose and means of processing personal data and is responsible for establishing and managing the data registry system.

 

 

 

THE PRINCIPLES OF PROCESSING OF PERSONAL DATA

Our Company processes personal data in the context of the principles and bases given below and in accordance with article 4 of KVKK regulating the procedures and principles on processing of personal data.

  • Lawfulness and conformity with rules of bona fides

Our Company processes your personal data in compliance with KVKK and other law and regulations which the Company has to follow due to the Company’s work.

  • Accuracy and being up to date, where necessary

Our Company takes sufficient administrative and technic measures for personal data provided by the data subject not to be changed incorrectly and without data subject’s consent, also takes necessary actions to update personal data upon the request from the data subject on changes on personal data.

  • Being processed for specific, explicit and legitimate purposes

The personal data processed by our Company is processed pursuant to and with the scope of purpose of processing stated to the data subject.

  • Being relevant with, limited to and proportionate to the purposes for which they are processed

Our Company does not process the personal data that exceeds the purpose for which they are processed and are not in the line with the Company’s activity.

  • Being retained for the period of time stipulated by relevant legislation or the purpose for which they are processed

Personal data processed pursuant to KVKK and other related laws and regulations is retained for the period of time stipulated by the relevant legislation or the purpose for which they are processed.

THE CONDITIONS FOR PROCESSING OF PERSONAL DATA AND THE EXCEPTIONS

– Personal data is processed with the scope of the Company’s activity;

  • On condition of receiving the data subject’s consent or
  • If it is clearly provided for by the laws,
  • If it is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his consent or whose consent is not deemed legally valid,
  • If processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract,
  • If It is mandatory for the controller to be able to perform his legal obligations,
  • If the data concerned is made available to the public by the data subject himself,
  • If data processing is mandatory for the establishment, exercise or protection of any right,
  • If it is mandatory for the legitimate interests of the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.

– In respect to personal data of special nature processed with the scope of the Company’s activity;

  • It is not processed without the data subject’s consent,
  • Personal data, excluding those relating to health and sexual life, may be processed without seeking explicit consent of the data subject, in the cases provided for by laws,
  • Personal data relating to health and sexual life may only be processed, without seeking explicit consent of the data subject, by any person or authorised public institutions and organizations that have confidentiality obligation, for the purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment and nursing services, planning and management of health-care services as well as their financing.

PERSONAL DATA CLASSIFICATION

ID Information

Those written on the Identification card; name, surname, mother’s name, father’s name, birth place, birth date, marital status, religion, blood group, the registered city, county and hometown and others, not limited to these, included on the identification.

Contact Information

In order to contact you, information provided or you are required to provide; the phone number, the home phone number, residence or other address, electronic mail address so on.  

 

Personnel Information

  • The copy of ID
  • Birth Certificate
  • The document of residence address
  • Medical Report
  • The copy of Diploma
  • Criminal Record
  • Photo
  • The documents related with information of family
  • The document related with military service
  • Labor/service contract
  • The notification of Social Security Institution (SGK)
  • Other documents and information related with your health status

Bank Account Information

   Bank account number, IBAN number, other information related with credit card and debit card.

Resume Information

  • The information written on the resume form or requested by our Company or you provided; education information, school information related with your education and your educational information,
  • The information written on the resume form or requested by our Company or you provided; information related with the date, place and period of your previous work, information of your position and task in your previous work and any information regarding your work experience,
  • The photograph included on your resume form or requested by our Company or you provided,
  • The driving licence included on your resume form or requested by our Company or you provided and information included on your driving licence,
  • References included on your resume form or requested by our Company or you provided and information regarding your reference.

 

Visitor Information

  • Name and surname of who visits the Company, the visit time, and other information related with the visitor.

PROVIDING PROTECTION OF PERSONAL DATA

As Olgun Medikal, we fulfil all necessary technic and administrative measures with the scope of the sufficient technologic base, in order to provide protection and to keep personal data in compliance with KVKK and the related laws, processed by our Company; in this direction, we carry out necessary inspections by taking measures against data breach, unauthorised access, data loss, changing data without consent and similar threats.

In this context, we detect available risks and threats, carry out awareness trainings by educating our employees, determine policies and procedures on personal data protection, ensure to minimize personal data, make non-disclosure agreements with the processors; use the firewall and anti-virus applications, configure available hardware and software, carry out the updating  and detection of software; provide electronically and physical protection,   take necessary measures to prevent breach of data protection by unauthorised person with key management, access log, user access management, technical surveillance countermeasures and encryption algorithm.

THE PURPOSE OF PROCESSING OF PERSONAL DATA

Your personal data is processed with the purposes of fulfilment of the Company’s activity and of obligation imposed by the laws, as limited with these.

In this sense,

  • In respect to the practice of security camera at the workplace

Under the Law on Occupational Health and Safety numbered 6331, Labor Law numbered 4857 and the provisions of secondary legislation, on the purpose of protecting safety of life and property of employees and of maintaining security of the workplace, monitoring is made at the various area in the workplace by security camera. The written warnings to inform about security camera are available at the place where security camera is located.

The security cameras have been located to maintain the security of the workplace with the scope of employer’s legitimate interest, considering the limit of proportionality.  

  • In respect to the personal data of costumer, potential customers and business and solutions partners

The personal data like ID information, contact information, financial information and similar information, provided to us or we requested, is processed;

-to provide more effective service to our supplier and business partners; to operate legal and financial process,

-to maintain security of the workplace, commercial and economic safety,

-to fulfill of our current obligations within the framework of the legislation on ensuring occupational health and safety,

-to improve service by which our Company provide and to maintain the satisfaction of products,

-to share images in corporate social media accounts regarding the organization and other activities of our company,

-to fulfil the obligations arising from law and contract such as making necessary notifications -to the Ministry of Health.

  • In respect to the personal data of visitors

-The visitors’ identity information such as name-surname, ID number and entry-exit times processed by Perkotek Plaza, where our workplace is located, in electronically and physically to ensure the order, safety of life and property. The necessary administrative and technical measures have also been taken by our Company to ensure that Perkotek Plaza processes your personal data lawfully.

  • In respect to the personal data of job candidates

Personal data of job candidates such as ID information, contact information, resume information and similar information is processed;

-to evaluate the convenience of job candidates to the work and -to progress the interview process sending the application form and resumes to the related department,

-to evaluate and to determine whether you as a job candidate provide required and sufficient qualifications at the time of the application of job and of any process made during the application of job,

-to contact with your reference and to have information about you from your reference,

-to hire you at the end of the job application process in the case of positive completion of your job application,

-to assess and the re-assessment of your application, to inform you later about new available position in our Company.

  • In respect to the personal data of employees

Personal data of employees such as ID information, personnel information, resume information, bank account information, contact information and similar information is processed;

-to maintain lay out, tranquillity and safety of the workplace,

-to fulfil obligations of the Laws as creating and retaining personnel file and to share personal data herein to the auditor public institutions and organisations and authorised auditor natural and legal person,

-to create a list to survey the demographic structure of the employees statistically,

-to record all transactions, through log, made by the employees in the fileserver system

-to use of the programs deemed appropriate by our Company within the scope of commercial and other activities of the Company,

-to include images regarding our Company’s organisations and similar activities, in the social media,

-to use the methods determining the employees’ entry/exit time and other similar monitoring methods in order to maintain safety of employees and the workplace, to protect their safety of life and property,

-to share the personal data of the employees with the private insurance company, for personal private health insurance and establishment of another right,

-to share the personal data of the employees to the relevant customer if it is requested within the scope of the maintenance / repair services provided to the customers,

-to record and to transfer the personal data herein to domestic/abroad or third parties in order to make organisations for providing social activities such as fair, seminar, trips, training, conference and services like accommodation and transport, -to carry out visa process, to inform employees about updating news of the Company, -to contact to himself/herself or relative person and also for advertising, promotion and similar purpose of the Company’s activity and for rewarding (like promotion or gifts so on) made on the purpose of motivating employees,

-to share the personal data of the employees to transportation companies for shuttle services,

-to create a card through third parties with which the Company has a contractual relationship in order to cover the meal expenses of the employees,

-to process and to share as well as personal data of special nature to the workplace doctor in the context of activity of “ISG”,

-to record the GSM line, devices or vehicles activities allocated to the employee within the scope of the employer’s management right,

-to share the personal data of the employees who will use the vehicles with car rentals companies,

-to record fuel consumption and HGS information in terms of the use of vehicles allocated by the Company to the Employees for the execution of the job according to the nature of the work performed,

-to retain corporate e-mail accounts provided by the Company to the employees, correspondences carried out in these e-mail accounts and e-mail files containing these correspondences in the cloud system located abroad.

 

  • THE TRANSFER OF PERSONAL DATA DOMESTIC AND ABROAD

Your personal data can be transferred;

-to the third parties for improving productivity and the policy of employment of our Company, providing sustainability and limited to these goals herein,

-to the banks, the third parties worked with, the expert of ISG, the workplace doctor and medical personnel, on the purpose of the fulfilment of obligations owed by the employer, to the Microsoft Office programmes, SAP applications, cloud applications, and back-up systems that all are located abroad, in order to effectively manage and operate the Company’s business and business flow and for the policy -to be applied,

-to the external service providers with who the Company issued an agreement regarding that the external service providers shall take required technic and administrative measures, in the context of realisation of the Company’s commercial activity and similar activity,

-to the business partners, suppliers and to the third parties and abroad by which the Company gets service in the context of the Company’s activity, in order to provide service and products.

-Upon the request or under the necessary situation, your personal data will be transferred to the courts, law-enforcement office/police office, enforcement offices, Social Security Intuition and İŞKUR

  • DESTRUCTION OF PERSONAL DATA

The personal data processed with the scope of the Company’s activity, is retained with the scope of the purpose of processing during the period of time that is necessary to provide this purpose and during the time stipulated under the related laws.

The personal data which has lost its function or whose retention period has been expired or upon demand by the data subject to destruct if allowed by the related laws, is destructed in compliance with the methods stipulated by article 7 of KVKK.

Erasure of personal data is the process of rendering personal data inaccessible and non-reusable for the users concerned, by no means.

Destruction is the process of rendering personal data inaccessible, irretrievable or non-reusable by anyone, by no means.

Anonymization is the process of rendering personal data impossible to link with an identified or identifiable natural person, even though matching them with other data.

  • THE RIGHTS OF THE DATA SUBJECTS

With the scope of the rights stipulated under the article 11 of KVKK, the data subject can apply to our Company about the personal data processed in the context of the Company’s activity and

a) to learn whether his personal data is processed or not,

b) to request information if his personal data is processed,

c) to learn the purpose of his data processing and whether this data is used for intended purposes,

d) to know the third parties to whom his personal data is transferred at home or abroad,

e) to request the rectification of the incomplete or inaccurate data, if any,

f) to request the erasure or destruction of his personal data under the conditions laid down in Article 7,

g) to request notification of the operations carried out in compliance with subparagraphs (d) and (e) to third parties to whom his personal data has been transferred,

h) to object to the processing, exclusively by automatic means, of his personal data, which leads to an unfavourable consequence for the data subject,

i) to request compensation for the damage arising from the unlawful processing of his personal data.

LAST PROVISIONS

In the case of use the rights given above and, if you apply our Company with related the matters given above, your application will be completed free of charge maximum in 30 days depending on the qualification of the application. However, if the application requires extra expenses for the Company, the fee stipulated by the Personal Data Protection Authority may be asked.

You are required to make the application related with the process of your personal data by filling up the application form available on our website and proving personally your ID.

 

Olgun Medikal İnş. ve Tic. Ltd. Şti. Contact Information

Adress: Mahmutbey Mah. Ordu Cad. Perkotek Plaza No:29/11 Bağcılar/İstanbul

Website address to contact: kvkk@olgunmedikal.com.tr

E-mail address to contact:  http://www.olgunmedikal.com/

OLGUN MEDİKAL İNŞ. VE TİC. LTD. ŞTİ.

APPLICATION FORM WITHIN THE CONTEXT OF THE LAW ON PERSONAL DATA PROTECTION

INSTRUCTIONS

The data subject (hereinafter referred to as “Applicant) described as related person in the Law on Personal Data Protection numbered 6698 (“KVKK”) is entitled to make some requests regarding the data processing in the context of article 11 of the KVKK.

According to article 13(1) of the KVKK, the application made to our company, related with the rights herein, should be made in written form or delivered to us by way of other methods determined by the Data Protection Authority (DPA).

In this context, in order to make a request in written form, the applicant shall print the application form of himself/herself; and then, deliver the form through the notary with the “secure electronic signature” defined in the Electronic Signature Law numbered 5070, to the electronic e mail address of the company.

The details regarding the ways and procedures how the application can be delivered are given below.

  • In the fact of making a request in person, the application in written form shall be delivered to Mahmutbey Mah. Ordu Cad. Perkotek Plaza No:29/11 Bağcılar/İstanbul by writing on the envelop that “the information request in the context of the Law on Personal Data Protection”
  • In the fact of making a request through notary, the application in written form shall be delivered to Mahmutbey Mah. Ordu Cad. Perkotek Plaza No:29/11 Bağcılar/İstanbul by writing on the envelop that “the information request in the context of the Law on Personal Data Protection”
  • In the fact of making a request by sending to the company’s e-mail address with the “secure electronic signature”, the application form in written shall be delivered to kvkk@olgunmedikal.com by writing in the subject line that the information request in the context of the Law on Personal Data Protection”

Moreover, other methods that will be determined by the DPA, will be shared when they are announced by the DPA.

Under article 13(2) of the KVKK, the applicant delivered to us will be responded within 30 days, considering the content of the application, from the date of receipt of the application; the responses will be sent to the applicant in written form or electronically.

  1. Contact Information of the Applicant

Name :……………………………..

Surname :…………………………

The Identification Number:…………..

Phone Number:

E-mail address:…………… ( for quick response, if filled up)

Address:………………………

…………………………………..

………………………………….

  1. Please specify the relationship with our Company

(customer, partner, candidate of employee, the employee of the third company……….)

  Customer

  Visitor

  Partner

  Other: ………………………………..

                  The department you are related with:

                  The Subject: ……………….

   Former-employee:……………………….

                 The period of working years: ………….

   Other:…………………………………………..

  I applied for a job/shared CV

                  the Date :

  I am an employee of the third company

               Please defines the information of company and position in the company

  1. Please specify detailedly your request in the context of the KVKK

………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………..

  1. Please choose the way of response of us for your application

  would like it to be sent to my address

  would like it to be sent to my e-mail address (this way is the faster one)

  would like to receive by hand

(If someone but you intends to receive the response, the power of attorney or the certificate of attorney is needed)

The application form herein is prepared in order to respond properly and on time for the applicant determining the relationship with our company, if available, identifying the data processed by the company. In order to remove the legal risks caused by the illegal and wrongly data processing and to provide protection to your personal data, the company reserves the rights to require additional document to identify the identity and authority. In the context of form herein, the company decline responsibility where the information in the form is not correct or updated.

The Applicant’s

Name and Surname           :

The application date          :

Signature                            :

OLGUN MEDİKAL İNŞ. VE TİC. LTD. ŞTİ.

PERSONAL DATA STORAGE AND DISPOSAL POLICY

  1. The Basis on Erasure, Destruction or Anonymization of Personal Data

This policy is established to determine procedures regarding on what basis and principles personal data will be erased, destructed or anonymised and outcome of personal data after the purpose of collecting and processing of personal data processed by receiving data subject’s consent or upon the data subject’s demand. All operations will be made in compliance with the principles and basis stipulated by “the By-Law on Erasure, Destruction or Anonymization of Personal Data”.

All operations relating to erasure, destruction and anonymization of personal data are recorded and those records are stored for minimum three years excluding other legal obligations.

  1. The Reasons requiring Storage and Disposal of Personal Data

Your personal data is stored by our company in the way that the related laws and policies determined for the reasons and purpose including the management of the process in human resources, existence of the data subject’s consent, directly concern to negotiate an agreement and to execute it, the necessity for the legitimate interest of the controller, to ensure accomplishment of objectives of an agreement or setting up a business partnership, practice of the commercial activity, the company law, the management of efficiency the management of process in corporate communication, the planning and review of the strategies related the commercial activity, maintaining the safety and the fulfilment of the obligations to the legally authorised public institutions, and your personal data processed are disposed with the board decision, upon the data subject’s demand or as a result that the necessity of the storage of personal data is no longer exist because the process herein comes to the end.

  1. The Definitions

The definitions of the terms included in the policy are explained below.

Recipient group                                              : means category of natural or legal persons to which the personal data are transferred by the data controller,

User concerned                                               : means persons who process personal data within the organization of the data controller or upon authorization and instructions received from the data controller, other than the person or department which is responsible for the technical storage, protection and back up of personal data,

Disposal                                                           : means erasure, destruction or anonymization of personal data,

Law                                                                  : Personal Data Protection Law No. 6698 and of 24/3/2016,

Recording medium                                        : means any type of environment that keeps the personal data processed wholly or partially by automated means or non-automated means which provided that form part of a data filing system,

Personal data processing inventory             : means the inventory which is detailed by explanations of the followings: personal data processing activities of data controllers according to their business processes; purposes and legal ground of personal data processing; data category; maximum data storage period required for the purposes formed relating to the recipient group to whom the data are transferred and with data subject groups, and for personal data processing; personal data envisaged to be transferred to foreign countries; and measures taken relating to the data security,

Personal data storage and disposal policy   : means the policy which data controller issues as a basis for erasure, destruction and anonymization of personal data and determination of maximum storage period for the purpose for which personal data are processed,

Board                                                              : means Personal Data Protection Board,

Periodic Disposal                                            : means the erasure, destruction or anonymization process which is determined in the personal data storage and disposal policy and to be carried out periodically ex officio, in the event that all of the conditions for processing laid down in the Law no longer exist,

Registry                                                           : means Data Controllers’ Registry kept by the Personal Data Protection Authority,

Data filing system                                           : means the filing system where personal data are processed by being structured according to specific criteria,

Data Controller                                              : (Olgun Medikal İnşaat ve Ticaret Limited Şirketi) means the natural or legal person who determines the purpose and means of processing personal data and is responsible for the establishment and management of the data filing system,

Anonymizing                                                  : means rendering personal data impossible to link with an identified or identifiable natural person, even through matching them with other data

Erasure                                                            : is the process of making personal data inaccessible and non-reusable by any means for the Related Users

Destruction                                                     : is the process of making personal data inaccessible and non-reusable by any means for anyone

Direct Identifiers                                            : By themselves, identifiers that directly reveal, disclose and distinguish the person they are in contact with,

Indirect Identifiers                                         : Descriptors that come together with other descriptors to reveal, disclose and distinguish the person they are associated with,

Blanking                                                           : means the process of crossing out, blurring or inking the whole of personal so as to render them invisible or not relatable to natural person who either can be identified or not

Masking                                                        : means the process of removing, crossing out, blurring or inking certain part of personal data so as to render them invisible or not relatable to natural person who can either be identified or not

  1. The Medium where Personal Data are recorded

Personal data belonging to data subjects is safely stored in compliance with the Law and the related laws as indicated below.

Electronic media   :  Storage , Nas device

In written form      : HR lockers, archive cabinet

  1. Authorised Department and Person operating the Process of Storage and Disposal of Personal Data

The positions, departments and missions of authorised person for process of storage and disposal of personal data are indicated below.

. In the process of the storage of job application form and CV  the Human Resources       the Human Resources Specialist

. In the process of the storage of personal file the Human Resources the Human Resources Manager

. In the process of the storage of data collected in the context of the law on Occupational Health and Safety          the Human Resources         the Human Resources Manager

. In the storage of data related with occupational disease/work accident   the Workplace Doctor

. In the storage of technical service forms and annual maintenance agreements         Technical Service        Technical Service Manager 

. In the process of making payments for advance/ execution/ compensation    the Finance   the Finance Manager

. In the process of the storage of invoices and current account    the Finance         the Finance Manager

. In the process of storage of the agreements the Accounting the Accounting Manager

. In the process of the storage and the recording of security cameras’ footage placed either in the company or outside of the company        the Information Technologies        the Information Technologies Manager

. In the process of storage of the information regarding login to/logout from website    the Information Technologies     the Information Technologies Manager

. In the process of backing up of programme data  the Information Technologies   the Information Technologies Manager

. In the process of recording biometric data and storage of the entry/exit work attendance    the Information Technologies the Information Technologies Manager

  1. The Organisational and Technical Measures taken to Protect Personal Data and to avoid illegally Processing and Access.

The Technical Measures Taken to legally Store and to Avoid illegally Processing and Access of Personal Data of Personal Data

  • The operations of storage, processing and access of personal data are reviewed by the established technical systems.
  • The software and hardware including virus protection and firewall are used.
  • The measures taken are reported to related person.
  • Staff who has knowledge about technical matters are employed.
  • Access authorisations are restricted and regularly reviewed.
  • The back-up programmes that are pursuant to the law are used in order to store safely personal data
  • Unjustified accesses or access attempts are instantly reported to related person by using log system for the access of the data storage medium

The Organisational Measures taken to legally store and to avoid illegally Processing and Access of Personal Data

  • The employees are informed and educated about the Personal Data Protection law and legally storage and processing of Personal data.
  • The authorised employee to process, to store and to access personal data in data processing inventory is appointed
  • All operations carried out are detailly analysed in the context of each department and as a result of this analysis, the operations of data processing are revealed in the context of commercial and organisational activities carried out by the related department
  • The awareness is raised and the practice rules are determined, in the context of the related department in order to provide the requirements of legally adaptation.
  • The employees are informed about their liabilities that the employees can not share the personal data improperly to KVKK and can not use them out of the purpose of data processing. The employees are aware of that their liabilities herein are continued after leaving from the job. In this sense the undertakings are provided by the employees.
  • The liabilities not to process, disclose and use personal data except the Company’s direction and exceptions imposed by the related laws, are established in the agreement and documents regulating the legal relationship among employees.
  1. The Technical and Organisational Measure to be taken for legally Disposal of Personal Data
  • Safely erasure of data from the software: in the process of erasure data which is processed in completely or partially electronic way and stored in digital media, the method which renders the data non reusable and inaccessible by no means, is used for erasure of the data from the software.
  • Erasure of data in the cloud system with the file deletion order: These can be deemed in this context that removing the authorisation of access of related person on the files in the central server, erasure of related texts in the database with the database order or erasure of data in the removable media by using relevant software.

However, if the erasure of personal data cause inaccessibility and non-use of the other personal data in the system, then archiving personal data as rendering them not relatable to anyone, is also deemed as erasure process on the fulfilment of the conditions indicated below.

  • It shall be inaccessible to any institutions or person
  • All organisational and technical measures shall be taken so as to render personal data accessible by only authorised person.
  • Safely erasure by the expert: Olgun Medikal may employ an expert for erasure of personal data. In this case, personal data will safely be erased by the expert so as to render them non reusable and inaccessible by any means.
  • Obscuring personal data in written form: it is the method used to avoid the use of personal data out of the purpose or to erase personal data upon the demand, which related personal data is removed from the document by cutting the related paper or is inking personal data by an expert so as to render it inaccessible and non-reusable by no means.  
  • Magnetisation: it is the method that the data on the magnetic medium is broken by using certain devices in which magnetic field is exposed to magnetic medium.
  • Material destruction: Material data can be automatically processed if they are part of a data recording system. In disposal of such data, the system materially destructing personal data in the way that personal data become non reusable and inaccessible. Personal data in written form and in micro office medium is destructed in this way because of non-availability of other methods.
  • Overwrite methods: it means writing maximum 7 times random data consisted of 0 and 1 as numbers through magnetic media and re-writable optic media via certain software
  • The anonymisation methods not causing irregularity of valuation: By this method, without any changes on or add on/drop from personal data, any personal data group can be generalised, exchanged each other or certain data or sub data of this personal data group can be removed.
  • Removing parameter: With the removing descriptive data methods, available data set is anonymised by removing the high-degree descriptive ones of parameter in the data set formed after collected data is gathered.
  • Removing records: The stored data is anonymised by removing data line including singularity among data from the records.
  • Sectionally Coverup: If a single data has descriptive feature because it creates hardly visible combination, the anonymising is carried out by concealing the related data.
  • Codifying lower and upper limits: With this method, valuations in a data group placed in the predefined categories are anonymised by associating by determining certain limit.
  • Generalisation: With this method, several data are consolidated and the personal data is rendered as unrelatable to anyone.
  • Global codifying: This method creates more general content than personal data and ensures rendering personal data not relatable to anyone.
  • The Anonymisation method causing irregularity of valuation: with this method which is opposite to the methods causing not irregularity of valuation, the broken is created by changing data in the personal data groups
  • Adding Noise: with this method, the data is anonymised in data set in which numerical data are predominant, by adding several deviations in positive or negative directions on available data.
  • Micro Association: in this method that firstly all data is sorted in a group in a meaningful order, and the value that is found by averaging the group herein is written on the field of related data, so that anonymising is completed.
  • Exchange of data: In this method, the valuations of a parameter among the pair picked in the stored data are exchange each other.

In the case of situations indicated above, required all organisational and technical measures are taken and the compliance with the Law, the by-law and other related laws for the purpose pf protection of personal data, is ensured.  

  1. The Period of Periodical Disposal of Personal Data

The personal data held by Olgun Medikal will be periodical reviewed and those of personal data herein whose condition to process is completely no longer exist will be erased, destructed or anonymised.

This periodical reviewing and disposal process appear in the Personal data Processing Inventory which is/will be presented to the VERBIS system.

  1. The Period of Erasure, Destruction or Anonymising of Personal Data on Its Own Motion

Your personal data will be erased, destructed or anonymised at the first periodic disposal process following the date when the obligation to erase, destruct or anonymise personal data is occurred. Howsoever, it will not exceed 6 months.

In the fact that the damage which is unrecoverable or hard to recover is occurred and it is clearly illegal, the Board can shorten the period in question.

  1. The Period of Erasure, Destruction or Anonymising of Personal Data upon the Data Subject’s Demand

The Data Subject delivers his/her demand to Olgun Medikal either in written form or other way the Board will determine. Olgun Medikal may accept the demand or refused it with the explanation of the reason and deliver the response in maximum 30 days either in written form or electronically. In the act of accepting the demand, the Company will fulfil the demand.

If the conditions for processing of personal data related with the demand, are no longer exist, the personal data related with the demand is either erased, destructed or anonymised.  Depending on the content of the demand, it will we completed in maximum 30 days with no charge. However, if the process requires extra expenses, the fee in the tariff determined by the Board may come into question. If the expenses occur because of the Company’s fault, the fee received is refunded.

Unless otherwise stated by the Board, the way to erase, destruct or anonymise personal data on its own motion will be preferred by Olgun Medikal. In the case of related person’s demand, Olgun Medikal choose the way with the explanation of the reason.

In the case that the personal data related with the demand has been transferred to the third person, Olgun Medikal will notify the third person and ensure the necessary process will be completed.

You can make an application about processing of your personal data, either via the form available in the Company’s website or in written form to the address indicated below.

Olgun Medikal İnş. ve Tic. Ltd. Şti. contact information

E-mail Address; kvkk@olgunmedikal.com.tr

Central Office address: Mahmutbey Mah. Ordu Cad. Perkotek Plaza No:29/11 Bağcılar/İstanbul

The website address for communication: http://www.olgunmedikal.com/

*In the case of application in written form, please specify that “it is the information demand in the context of the Personal Data Protection Law