PDPL

BİOZON MEDİKAL VE OZON SİS. SAN. TİC. LTD. ŞTİ. — PDPL Clarification Text

Işıklar Köyü Testicikırı Mevkii Çan Yolu 5. Sk. No:18/4, Çanakkale • +90 (542) 484 61 91

1. General Information

This clarification text has been prepared by BİOZON MEDİKAL VE OZON SİS. SAN. TİC. LTD. ŞTİ. ("Company" / "Data Controller") within the framework of the Personal Data Protection Law No. 6698 (PDPL) and relevant legislation, to inform you about the purposes of processing your personal data, legal grounds, transfer, and your rights.

Data Controller

BİOZON MEDİKAL VE OZON SİS. SAN. TİC. LTD. ŞTİ.
Address: Işıklar Köyü Testicikırı Mevkii Çan Yolu 5. Sk. No:18/4, Çanakkale, Türkiye
Telephone: +90 (542) 484 61 91
E‑mail: info@biozonmedikal.com
Web: www.biozonmedikal.com

2. Personal Data to be Processed, Purposes, and Legal Grounds

Our Company may process the following types of personal data for the stated purposes, based on legal grounds such as the explicit consent of the data subjects, the establishment and performance of a contract, legal obligations, or the legitimate interests of our Company:

Personal Data TypeProcessing PurposesLegal Grounds
Identity information (name, surname, TR ID number, etc.)Identity verification, contractual processes, application trackingConsent / Performance of contract
Contact information (address, telephone, e‑mail)Information provision, notifications, customer communication, marketing (with permission)Consent / Legitimate interest
Financial information (invoices, account details)Payments, invoicing, accounting, and legally compliant recordsLegal obligation / Contract
Technical and usage data (logs, IP, system data)System security, error detection, analysisLegitimate interest
Visual / Auditory records (CCTV footage)Facility security, legal requirementsLegitimate interest / Consent
Special categories of data (health information, etc.)Medical services and care (if applicable)Explicit consent or exceptions provided by law only

Note: Personal data is collected only for specific, explicit, and legitimate purposes; no processing outside of these purposes is conducted; accuracy is ensured and updated where necessary.

3. Methods of Data Collection

  • Written application and contract forms
  • Electronic media (e‑mail, web forms, online applications)
  • Telephone calls and call centre records
  • Security cameras and facility entry records
  • System logs and automated data collection tools

4. Data Transfer

Our Company may transfer or share personal data with the following parties:

  • Service providers, suppliers, and contractors
  • Public institutions and organisations (legally authorised authorities)
  • Financial advisors, legal consultants, and audit firms
  • Financial/payment institutions

In cases where cross-border transfer is necessary, it is carried out in accordance with the PDPL and relevant regulations, and the necessary security measures are taken.

5. Rights of the Data Subject

Pursuant to Article 11 of the PDPL, data subjects have the following rights:

  • To learn whether their personal data is being processed
  • To request information if it has been processed
  • To learn the purpose of processing and whether it is being used appropriately for that purpose
  • To know the third parties to whom data is transferred domestically or abroad
  • To request the rectification of incomplete or inaccurate data
  • To request the erasure, destruction, or anonymisation of data
  • To request notification of these actions to third parties to whom the data has been transferred
  • To object to automated processing
  • To demand compensation for damages in the event of unlawful processing

Your applications will be concluded free of charge within 30 days at the latest following identity verification. In certain cases, the fee determined by the Board may apply.

6. Application Procedures

You may convey your requests regarding your rights via the following methods:

  • Written application (by post or in person)
  • E‑mail (to the address specified by the company)
  • Registered Electronic Mail (KEP) — (if applicable)

Documents and information aimed at verifying your identity must be included in the application. The content of the application should be as clear and detailed as possible.

7. Data Security

Our Company implements appropriate administrative and technical measures for the protection of personal data. In this context:

  • Access control and authorisation mechanisms
  • Encryption and secure communication protocols
  • Regular backup and auditing practices
  • Physical security measures

8. Updating the Text

This text may be updated as necessary due to Company practices, legal changes, or best practice requirements. The updated text will be published on our website.

9. Competent Court and Applicable Law

The legislation of the Republic of Türkiye shall apply to any disputes regarding this text. The courts and enforcement offices of Çanakkale are authorised as the competent jurisdiction.