Personal Data Protection Policy
DIA PRO MEDICAL PRODUCTS INC. PERSONAL DATA PROTECTION AND PROCESSING POLICY PERSONAL DATA PROTECTION AND PROCESSING INFORMATION FORM
Personal Data Protection and Processing Policy
Document Name: Dia Pro Medical Products Inc. Personal Data Protection and Processing Policy.
Target Audience: All real persons whose personal data are processed by Dia Pro Medical Products Inc., except for its employees.
Approved by: Approved by the Personal Data Protection Board.
In case of any discrepancy between the Turkish version of the policy and any translation, the Turkish text shall prevail.
©DIA PRO MEDICAL PRODUCTS INC. 2020
This document may not be reproduced or distributed without the written permission of DIA PRO MEDICAL PRODUCTS INC.
SECTION 1 – INTRODUCTION
1.1 Introduction
The protection of personal data is among the top priorities of Dia Pro Medical Products Inc. (the Company), and Dia Pro Medical Products Inc. makes every effort to comply with all applicable legislation in this regard. This Personal Data Protection and Processing Policy ("Policy") explains the principles adopted in the execution of personal data processing activities carried out by our Company and the basic principles adopted in terms of compliance with the regulations in the Personal Data Protection Law No. 6698 ("Law"), thus ensuring the necessary transparency by informing personal data owners. With full awareness of our responsibility in this regard, your personal data is processed and protected within the scope of this Policy.
1.2 Scope
This Policy applies to all personal data processed by our Company, either fully or partially automatically, or by non-automatic means, provided that it is part of any data recording system, except for the personal data of our employees. Detailed information on the personal data owners in question can be found in Appendix 2 of this Policy ("Appendix 2 - Personal Data Owners").
The activities carried out by Dia Pro Medical Products Inc. regarding the protection of personal data of our employees are managed under the Dia Pro Medical Products Inc. Employee Personal Data Protection and Processing Policy, which is drafted in parallel with the principles in this Policy.
Details of personal data processing activities carried out by our Company for employee candidates or employees can be accessed from the Employee Candidates Personal Data Protection and Processing Policy and Employee Personal Data Protection and Processing Policy, respectively, available at https://diapro.com.tr/pdf/veri-sahibi-basvuru-formu.pdf
1.3 Application of the Policy and Relevant Legislation
Legal regulations in force regarding the processing and protection of personal data will primarily be applied. In case of any inconsistency between the current legislation and the Policy, our Company accepts that the current legislation will prevail. The Policy concretizes the rules set forth by the relevant legislation within the scope of Company practices.
1.4 Enforcement of the Policy
The effective date of this Policy is 01.10.2018, revised on 01.10.2019, and updated on 10.10.2020. This version has been renewed as of the effective date of this Policy.
This Policy is published on the website at https://diapro.com.tr/kvkk and is made available to the relevant persons upon request.
SECTION 2 – MATTERS RELATED TO THE PROTECTION OF PERSONAL DATA
2.1. Ensuring the Security of Personal Data
In accordance with Article 12 of the Law, our Company takes necessary measures to prevent the unlawful disclosure, access, transfer, or other security breaches regarding personal data, depending on the nature of the data to be protected. In this context, our Company implements administrative measures and conducts or commissions audits to ensure the appropriate level of security, in line with the guidelines published by the Personal Data Protection Board ("the Board").
2.2. Protection of Special Categories of Personal Data
The Law attributes particular importance to certain types of personal data due to the risk that their unlawful processing may cause victimization or discrimination. These data include information on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data. Our Company exercises special care in protecting special categories of personal data that are lawfully processed and designated as "sensitive" under the Law. Accordingly, the technical and administrative measures taken for the protection of personal data are applied with particular care to sensitive data, and the necessary internal audits are conducted. Detailed information on the processing of special categories of personal data can be found in Section 3.3 (“Processing of Special Categories of Personal Data”) of this Policy.
2.3. Raising Awareness and Auditing Business Units Regarding the Protection and Processing of Personal Data
Dia Pro Medical Products Industry and Trade Inc. ensures that the necessary training is provided to its business units in order to raise awareness about the prevention of the unlawful processing of personal data, unauthorized access to personal data, and ensuring the secure storage of personal data. To promote awareness among its employees on the protection of personal data, Dia Pro Medical Products Industry and Trade Inc. establishes the necessary systems and, when needed, collaborates with consultants. In this regard, our Company evaluates participation in relevant trainings, seminars, and information sessions, and updates its training programs in line with any amendments to the applicable legislation.
SECTION 3 – MATTERS RELATING TO THE PROCESSING OF PERSONAL DATA
3.1. Processing of Personal Data in Accordance with the Principles Prescribed by Legislation
3.1.1. Lawful and Fair Processing
Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. processes personal data in compliance with the principles established by legal regulations as well as the general principle of trust and fairness. Within this framework, personal data is processed only to the extent required by and limited to the company's business activities.
3.1.2. Ensuring that Personal Data is Accurate and Up-to-Date
Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. takes necessary measures to ensure that personal data remains accurate and up-to-date during the processing period and establishes mechanisms to maintain the accuracy and timeliness of personal data at regular intervals.
3.1.3. Processing for Specific, Explicit and Legitimate Purposes
Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. clearly defines the purposes of personal data processing and processes data in line with these business-related and legitimate purposes.
3.1.4. Being Relevant, Limited and Proportionate to the Purpose for which they are Processed
Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. collects personal data only as necessary for its business activities and processes them only for the predefined purposes.
3.1.5. Retention for the Period Required by Relevant Legislation or for the Purpose for which they are Processed
Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. retains personal data for as long as required for the purpose of processing or as stipulated by relevant legislation. The company first determines whether any legislation stipulates a retention period; if so, that period is observed. If no such period exists, data is retained only as long as necessary for the processing purpose. After the expiration of retention periods, personal data is destroyed using deletion, destruction, or anonymization methods in accordance with periodic destruction schedules or data subject requests.
3.2. Conditions for Processing Personal Data
In addition to the data subject’s explicit consent, personal data may be processed based on one or more of the following legal bases. In cases involving sensitive personal data, the conditions specified under Section 3.3 shall apply.
- i. Presence of Explicit Consent from the Data Subject: Explicit consent must be given freely, informed, and specific to a particular subject.
- ii. Explicitly Provided for by Law: If the processing is clearly stipulated by law, explicit consent is not required.
- iii. Inability to Obtain Consent Due to Actual Impossibility: If the data subject is unable to give consent due to physical impossibility and data must be processed to protect the life or physical integrity of themselves or others, data may be processed without consent.
- iv. Necessity for the Establishment or Performance of a Contract: If personal data processing is necessary for a contract to which the data subject is party, no consent is required.
- v. Compliance with Legal Obligations: Data may be processed if necessary for the company to fulfill its legal obligations.
- vi. Publicization by the Data Subject: If the data subject has made the personal data public, it may be processed limited to that purpose.
- vii. Necessity for the Establishment, Use or Protection of a Right: Data may be processed if necessary to establish, use, or protect a legal right.
- viii. Legitimate Interests of the Company: Data may be processed for the legitimate interests of the company, provided that it does not harm the fundamental rights and freedoms of the data subject.
3.3. Processing of Special Categories of Personal Data
Sensitive personal data is processed by Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. in accordance with the principles set forth in this Policy and with all necessary administrative and technical measures, under the following conditions:
- Special category personal data excluding health and sexual life may be processed without explicit consent if clearly stipulated by law. Otherwise, explicit consent must be obtained.
- Health and sexual life data may be processed without explicit consent only by persons under confidentiality obligations or authorized institutions and organizations, for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, or planning and management of healthcare services and financing. Otherwise, explicit consent must be obtained.
3.4. Informing the Data Subject
Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. informs data subjects in accordance with Article 10 of the Law and secondary legislation. Data subjects are informed about the identity of the data controller, the purposes of processing, the recipients and purpose of data transfer, methods of data collection, legal grounds, and their rights regarding their personal data.
3.5. Processing of Personal Data by Group Companies
Personal data processed by Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. may also be processed by its group companies (Opakim Tıbbi Ürünler San. ve Tic. A.Ş – MDS Sağlık Ürünleri Tic. A.Ş – Hemakim Tıbbi Ürünler San. ve Tic. A.Ş) in line with corporate principles, goals and strategies. If personal data is transferred from one data controller to another, the group companies must inform the data subject at the time of collection that their data may be shared with Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. or its affiliates.
3.6. Transfer of Personal Data
Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. may transfer personal and sensitive personal data to third parties (other companies, public and private institutions, third persons) in line with the lawfully specified purposes, taking necessary security measures and in accordance with Article 8 of the Law. For further details, refer to Annex 4 – “Third Parties to Whom Personal Data is Transferred and Purposes of Transfer”.
3.6.1 Transfer of Personal Data
Even without explicit consent, personal data may be transferred to third parties under the following conditions:
- If clearly stipulated by laws,
- If necessary for the performance or establishment of a contract,
- If necessary for the company to fulfill its legal obligations,
- If data is made public by the data subject and limited to that purpose,
- If necessary for the establishment, exercise or protection of a right,
- If necessary for legitimate interests of the company without harming the fundamental rights and freedoms of the data subject,
- If necessary to protect the life or physical integrity of someone unable to give consent due to actual impossibility.
Additionally, data may be transferred to countries with “adequate protection” designated by the Board. In the absence of adequate protection, data may be transferred to foreign countries where both parties provide a written commitment to adequate protection and the Board's permission is obtained.
3.6.2 Transfer of Special Categories of Personal Data
Sensitive personal data may be transferred under the same conditions as their processing, provided necessary safeguards are taken:
- Data excluding health and sexual life may be transferred if stipulated by law, otherwise, explicit consent is required.
- Health and sexual life data may be transferred without consent only by persons under confidentiality obligations or authorized institutions for healthcare purposes. Otherwise, explicit consent is required.
These data may also be transferred to countries with adequate protection or, if unavailable, to countries that commit to adequate protection and have Board approval.
SECTION 4 – CATEGORIZATION OF PERSONAL DATA PROCESSED BY OUR COMPANY AND PURPOSES OF PROCESSING
In accordance with Article 10 of the Law and secondary legislation, personal data are processed by informing the relevant individuals and in line with the purposes of personal data processing by our Company. The processing is based on at least one of the data processing conditions stated in Articles 5 and 6 of the Law, and limited to these conditions. The general principles outlined in Article 4 of the Law, particularly those regarding the processing of personal data, are also adhered to.
Details about the categories of personal data processed within the scope of this Policy and further information regarding these categories can be found in Annex 3 of the Policy (“Annex 3 – Personal Data Categories”).
Detailed information regarding the purposes of processing personal data is provided in Annex 1 of the Policy (“Annex 1 – Purposes of Personal Data Processing”).
SECTION 5 – RETENTION AND DESTRUCTION OF PERSONAL DATA
Our Company retains personal data for the duration required to fulfill the processing purpose and in accordance with the minimum periods stipulated by applicable legal regulations. In this context, our Company first determines whether a specific retention period is set out in the relevant legislation; if such a period exists, the Company complies with it. If no legal retention period is defined, the data is stored for the period necessary to achieve the processing purpose.
After the expiry of the retention period, personal data is destroyed using defined destruction methods (deletion and/or destruction and/or anonymization) in accordance with periodic destruction schedules or upon the data subject's request.
SECTION 6 – RIGHTS OF PERSONAL DATA SUBJECTS AND EXERCISING THESE RIGHTS
6.1. Rights of the Personal Data Subject
Personal data subjects have the following rights:
- To learn whether personal data is being processed,
- To request information if their personal data has been processed,
- To learn the purpose of the data processing and whether data is being used in accordance with that purpose,
- To know the third parties to whom personal data is transferred, either domestically or abroad,
- To request the correction of personal data if it is incomplete or incorrectly processed, and to request that such corrections be notified to third parties to whom the data was transferred,
- To request the deletion or destruction of personal data if the reasons for processing no longer apply, despite being processed in compliance with the Law and other relevant laws, and to request that the process be communicated to third parties,
- To object to the occurrence of a result against the individual by analyzing the processed data exclusively through automated systems,
- To request compensation for damages in case of unlawful processing of personal data.
6.2. Exercising the Rights of the Data Subject
Data subjects may submit their requests regarding the rights listed in section 6.1 (“Rights of the Personal Data Subject”) to our Company by following the methods specified by the Board. In this regard, data subjects may utilize the “Data Subject Application Form” available at https://diapro.com.tr/pdf/veri-sahibi-basvuru-formu.pdf.
6.3. Company Response to Applications
Our Company takes the necessary administrative and technical measures to finalize applications submitted by personal data subjects in compliance with the Law and secondary regulations.
If the personal data subject submits their request in accordance with the procedure set forth in section 6.1 (“Rights of the Personal Data Subject”), our Company will respond to the request as soon as possible and within no later than 30 (thirty) days, free of charge. However, if the process incurs additional cost, a fee may be charged as determined by the Board.
SECTION 7 – SPECIAL CIRCUMSTANCES OF PERSONAL DATA PROCESSING
7.1. Personal Data Processing Activities at Building and Facility Entrances and Within Buildings, and Website Visitors
Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. processes personal data for security purposes through surveillance camera monitoring and guest entry-exit tracking at its buildings and facilities.
7.2. Camera Surveillance Activities at Building and Facility Entrances and Interiors
Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. conducts camera surveillance activities in accordance with the Law on Private Security Services and related legislation for the purpose of ensuring security at its buildings and facilities. These surveillance activities are carried out in compliance with the personal data processing conditions outlined in the Law and the purposes specified in applicable regulations.
The data subject is informed through multiple methods, in accordance with Article 10 of the Law, regarding the surveillance activities. Furthermore, personal data is processed in a manner that is connected, limited, and proportionate to the intended purpose, in accordance with Article 4 of the Law.
The purpose of video surveillance conducted by Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. is limited to those listed in this Policy. Accordingly, the coverage areas, number of cameras, and monitoring times are determined solely for achieving security purposes. Surveillance does not occur in areas where individuals’ privacy may be violated beyond security needs (e.g., restrooms).
Live and recorded camera footage stored digitally is accessible only to a limited number of employees. These individuals are required to sign confidentiality agreements declaring they will maintain the privacy of the data accessed.
7.3. Tracking Guest Entry and Exit at Building and Facility Entrances
Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. processes personal data to track guest entries and exits for security purposes and for the objectives outlined in this Policy.
When obtaining names and surnames of visitors entering the buildings, or through written notices posted in visible areas or otherwise made accessible, visitors are informed accordingly. The data collected for guest tracking is used exclusively for this purpose and is recorded in physical data registration systems.
SECTION 8 – RELATIONSHIP OF THE PERSONAL DATA PROTECTION AND PROCESSING POLICY WITH OTHER POLICIES
Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. establishes, through this Policy, fundamental policies not only for internal sub-policies related to the protection and processing of personal data but also for the Group Companies.
The principles of Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş.’s internal policies are reflected, to the extent applicable, in publicly available policies to inform the relevant parties within this framework, aiming to ensure transparency and accountability regarding the personal data processing activities carried out by the Company.
ANNEX 1 – Personal Data Processing Purposes
| PRIMARY PURPOSES | SECONDARY PURPOSES |
|---|---|
| Planning and Execution of the Company’s Human Resources Policies and Processes | Conducting Personnel Recruitment Processes |
| Conducting Commercial Activities Carried Out by the Company and Performing Necessary Works and Related Business Processes by Our Relevant Units | – Event Management – Planning and Execution of Corporate Communication Activities – Planning, Auditing, and Execution of Information Security Processes – Establishment and Management of Information Technology Infrastructure – Tracking of Finance and/or Accounting Activities – Planning and Execution of Corporate Sustainability Activities – Planning and/or Execution of Activities for Effectiveness/Efficiency and/or Appropriateness Analysis of Business Activities – Planning and Execution of Corporate Governance Activities |
| Planning and Execution of the Company's Commercial and/or Business Strategies | – Management of Relationships with Business Partners and/or Suppliers – Execution of Strategic Planning Activities |
| Planning and Execution of the Company’s Human Resources Policies and Processes | – Management of Employee Requests and Complaints – Planning of Analysis and Improvement Activities Related to Employee Salary Management – Planning and Support of Processes for Providing Employee Benefits and Perks – Support for Planning of Employee Salary Management Activities – Planning and Support of Career Processes Related to Employee Training and Development – Planning and Management of Processes to Increase Employee Satisfaction and Loyalty – Planning and/or Execution of Intern and/or Student Recruitment, Placement, and Operational Processes |
| Supporting Strategic Human Resources Planning, Backup Processes and Organizational Development Activities of the Company | – Management of Employee Performance Evaluation Processes – Support for Development and Backup Planning Activities – Support for Management of Personnel and Manager Appointment and Promotion Processes within the Company |
| Protection of the Company’s Reputation and Trust in Commercial Life and Among Consumers | – Activities to Protect the Company and Its Values’ Reputation – Tracking Customer Requests and/or Complaints – Planning and/or Execution of Corporate Social Responsibility and/or Non-Governmental Organization Activities – Planning and Execution of Processes Related to Employee and Stakeholder Commitment and Satisfaction |
| Planning and Execution of Company’s Audit Activities | – Support for Company Fraud Reporting and Investigation Processes – Planning and Execution of Audit Activities to Ensure Company Operations Comply with Procedures and Relevant Legislation |
| Ensuring Legal, Technical and Commercial-Operational Safety of the Company and Related Individuals | – Providing Information to Authorized Institutions According to Legislation – Execution of Company and Partnership Law Transactions – Support for Execution of Company and Partnership Law Transactions – Ensuring Accuracy and Currency of Data – Ensuring Security of Company Premises and/or Facilities – Planning and Execution of Company Audit Activities |
ANNEX 2 – Categories of Personal Data Subjects
| CATEGORY OF PERSONAL DATA SUBJECT | DESCRIPTION |
|---|---|
| COMPANY CUSTOMER | Individuals whose personal data is obtained through the Company’s business relationships regardless of whether they have a contractual relationship with Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. |
| VISITOR | Individuals visiting Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş.’s physical premises for various purposes. |
| JOB APPLICANT | Individuals who have applied for a job at Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. by any means or have submitted their CV and related information for review. (For details, see here) |
| COMPANY EMPLOYEE | Employees whose personal data are processed within the scope of activities such as employee satisfaction, human resources, audit, IT security and infrastructure, legal compliance, etc., carried out by Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. (For details, see the Group Employees Personal Data Protection and Processing Policy at https://diapro.com.tr/kvkk) |
| FAMILY MEMBERS AND RELATIVES | Spouses, children, and relatives of personal data subjects whose data is processed under this Policy within the scope of activities carried out by Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. |
| THIRD PARTY | Other natural persons not covered by this Policy and the Employees’ Personal Data Protection and Processing Policy (e.g., guarantors, companions, former employees). |
| COMPANY SHAREHOLDER | Shareholders of Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. who are natural persons. |
| COMPANY OFFICER | Members of the board of directors and other authorized natural persons of Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. |
| EMPLOYEES, SHAREHOLDERS, AND OFFICERS OF OUR PARTNER INSTITUTIONS | Natural persons who work in institutions with which Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş. has any kind of business relationship (such as partners, suppliers, but not limited to these), including shareholders and authorized persons of these institutions. |
ANNEX 3 – Categories of Personal Data
| CATEGORY OF PERSONAL DATA | DESCRIPTION |
|---|---|
| IDENTITY INFORMATION | Data related to a person's identity; full name, Turkish ID number, nationality, place and date of birth, gender, workplace information, registration number, tax number, title, biography, and documents such as driver's license, professional ID, identity card, and passport. |
| CONTACT INFORMATION | Phone number, address, email, fax number, and similar details. |
| OPERATION SECURITY INFORMATION | Personal data processed to ensure technical, administrative, legal, and commercial security during our operations (e.g., logs, IP addresses, authentication data). |
| TRANSACTION INFORMATION | Data processed within activities conducted by Dia Pro Medical Products Industry and Trade Inc. such as survey data, declarations, purchase details, call center records, membership information, cookie records, aiming to protect the legal and other interests of the Company and data subjects. |
| FAMILY MEMBERS AND CLOSE RELATIVES INFORMATION | Information processed about the data subject's family members (e.g., spouse, mother, father, children), relatives, and other persons reachable in emergencies in relation to the services provided and legal interests. |
| PHYSICAL LOCATION SECURITY INFORMATION | Personal data related to records and documents taken during physical entry and stay in premises; camera footage, vehicle records, and security checkpoint records. |
| FINANCIAL INFORMATION | Personal data processed regarding financial results generated according to the legal relationship between Dia Pro Medical Products Industry and Trade Inc. and the data subject, including bank account numbers, IBAN, income information, debt/credit details. |
| VISUAL/AUDIO INFORMATION | Photographs and video recordings (excluding those under Physical Location Security Information) and audio recordings. |
| CORPORATE MEMORY INFORMATION | Memories, interviews, and similar data processed within the scope of activities conducted to create the corporate memory of Dia Pro Medical Products Industry and Trade Inc. |
| SENSITIVE PERSONAL DATA | Data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, association or union membership, health, sexual life, criminal convictions and security measures, biometric and genetic data. |
| LEGAL PROCESS AND COMPLIANCE INFORMATION | Personal data processed for the determination, follow-up of legal claims and rights, fulfillment of debts, legal obligations, and compliance with company policies. |
| AUDIT AND INSPECTION INFORMATION | Personal data processed regarding the operational, financial, fraud, and compliance audit activities of the Company. |
| REQUEST/COMPLAINT MANAGEMENT INFORMATION | Personal data related to all requests or complaints submitted to Dia Pro Medical Products Industry and Trade Inc. and their evaluation. |
ANNEX 4 – Third Parties to Whom Personal Data is Transferred and Purposes of Transfer
In accordance with Articles 8 and 9 of the Personal Data Protection Law, the personal data of data subjects managed by this Policy may be transferred to the following categories of persons:
- (i) Business partners of Dia Pro Medical Products Industry and Trade Inc.,
- (ii) Suppliers of Dia Pro Medical Products Industry and Trade Inc.,
- (iii) Group companies of Dia Pro Medical Products Industry and Trade Inc.,
- (iv) Legally authorized public institutions and organizations,
- (v) Legally authorized private legal entities.
The scope of the aforementioned persons to whom data is transferred and the purposes of data transfer are specified below.
| PARTIES TO WHOM DATA MAY BE TRANSFERRED | DESCRIPTION | PURPOSE OF DATA TRANSFER |
|---|---|---|
| BUSINESS PARTNER | Parties that establish partnerships with Dia Pro Medical Products Industry and Trade Inc. to carry out various projects or receive services together. | Limited to ensuring the fulfillment of the purposes of the partnership. |
| SUPPLIER | Parties providing contract-based services to Dia Pro Medical Products Industry and Trade Inc. in accordance with its orders and instructions. | Limited to ensuring the provision of outsourced services necessary for Dia Pro Medical Products Industry and Trade Inc. to carry out its commercial activities. |
| GROUP COMPANIES | – Hemakim Medical Products Industry and Trade Inc. – MDS Health Products Trade Inc. – Opakim Medical Products Industry and Trade Inc. | Limited to ensuring the conduct of commercial activities requiring the participation of Dia Pro Medical Products Industry and Trade Inc. |
| LEGALLY AUTHORIZED PUBLIC INSTITUTIONS AND ORGANIZATIONS | Public institutions and organizations authorized to request information and documents from Dia Pro Medical Products Industry and Trade Inc. according to relevant legislation. | Limited to the purpose requested within the legal authority of the public institutions and organizations concerned. |
| LEGALLY AUTHORIZED PRIVATE LEGAL ENTITIES | Private legal entities authorized by relevant legislation to request information and documents from Dia Pro Medical Products Industry and Trade Inc. | Limited to the purpose requested within the legal authority of the concerned private legal entities. |