CUSTOMER INFORMATION TEXT
Customer Information Text
1. Identity of the Data Controller
As Dia Pro Tıbbi Ürünler Sanayi ve Ticaret A.Ş. (“Dia Pro” or the “Company”), we take care to ensure transparency regarding the protection of your personal data and the information we collect and how we use it. With this Privacy Notice, we aim to inform you, in your capacity as a party to our contractual relationship, about the methods and purposes for which we process your personal data as a data controller in accordance with the Personal Data Protection Law No. 6698 (“Law”).
This Privacy Notice has been prepared to inform the following groups of people (“Data Subjects”):
• Our real-person customers: Independent laboratory owners, individual healthcare practitioners, blood banks, and experts working in the field of immunohematology.
• Representatives, employees, distributors, dealers, and contact persons of our legal-entity customers, including hospitals, private healthcare institutions, clinical laboratories, diagnostic centers, blood banks, and other healthcare institutions.
All of these groups will be referred to as “Customers” throughout the text.
If you have any questions regarding the processing of your personal data, you may contact our data protection officer at diapro@diapro.com.tr.
2. For what purposes do we process your personal data and what are the legal grounds?
2.1 Purposes of processing:
We process our Customers’ personal data only with a valid legal reason and for limited purposes. Within this scope, we process our Customers’ personal data for the following purposes:
a. Managing the supply chain and the product shipment process
b. Preparing tender proposals, sending offers, and managing existing contract processes
c. Account issuance, controlling payment processes, and managing invoicing processes
d. Protecting the Company’s economic interests and ensuring compliance and reporting (such as compliance with our policies and local legal requirements, taxes and discounts, handling alleged misconduct or fraud cases, conducting audits, and defending in legal disputes)
e. Managing IT resources including infrastructure management and business continuity
f. Managing mergers and acquisitions related to our Company
g. Archiving and record keeping
h. All other purposes specified by laws and authorities
i. Collection processes
j. Reconciliation and independent audit organizations
2.2 Legal grounds for processing:
We will not process our Customers’ personal data unless there is an appropriate legal justification specified in the Law. We process the personal data we collect automatically based on the legal grounds listed in Article 5 of the Law, including:
• “It is necessary for the processing of personal data of the parties to a contract, provided that it is directly related to the establishment or performance of the contract,”
• “It is clearly provided for by the laws,”
• “It is necessary for the data controller to fulfill its legal obligations,” and
• “It is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.”
In this context, your personal data will be processed only in the following circumstances:
a. If the processing activity is necessary for fulfilling our obligations under the contract with the Customer or for taking pre-contractual steps upon the Customer’s request,
b. If the processing activity is necessary for us to comply with legal requirements,
c. If the processing activity is necessary for our legitimate interests and does not adversely affect the Customer’s interests or fundamental rights and freedoms.
Under this last point, we always aim to maintain a balance between our legitimate interests and the privacy of our Customers. Examples of such “legitimate interests” include data processing activities carried out for:
a. Developing a secure professional relationship
b. Supporting innovation in the areas we serve
c. Managing human and financial resources
d. Benefiting from cost-effective services
e. Providing our products and services to our Customers
f. Preventing fraud or criminal activities, misuse of our products or services, as well as misuse of our IT systems, architecture, and networks
g. Enabling the sale of any part of our business or assets, or enabling the acquisition of all or part of our business or assets by a third party
h. Achieving our corporate and social responsibility goals
3. What personal data do we collect about you?
We may collect various types of personal data about our Customers, including the following:
a. General customer information and identity information: Full name, date and place of birth, nationality, ID card or passport number, email or postal address, landline and/or mobile phone number.
b. Customer’s role: Title, position, and company name
c. Customer’s financial information: Account details, statement records
d. Where necessary for product delivery;
If our Customers intend to provide personal data of other individuals (e.g., Customer employees), Customers must provide these individuals with a copy of this Privacy Notice.
4. Who can access your personal data and to whom may it be transferred?
We will not sell, share, or transfer your personal data to third parties other than those specified in this Privacy Notice.
During our activities and for the same purposes stated in this Privacy Notice, your personal data may be accessed by or transferred to the following parties:
a. Dia Pro group companies (Hemakim Tıbbi Ürünler San. ve Tic. A.Ş., MDS Sağlık Ürünleri Tic. A.Ş., Opakim Tıbbi Ürünler San. ve Tic. A.Ş.)
b. Our personnel (including Dia Pro group personnel, departments, or other group companies)
c. Suppliers and service providers who supply products and services to us
d. IT system providers, cloud service providers, and consultants
e. Any third parties to whom we transfer or assign our rights or obligations
f. Our consultants and external lawyers within the scope of the sale or transfer of any part of our business or company assets
The above third parties are obliged to protect the confidentiality and security of your personal data in compliance with applicable laws and within the contractual relationship.
In cases required by applicable legislation or upon request, all national and/or international law enforcement, public institutions, or courts may access your personal data or your personal data may be transferred to these institutions.
Your personal data is processed, stored, and protected solely within the borders of the Republic of Turkey by Dia Pro.
There is currently no transfer of your personal data abroad within the scope of our ongoing activities.
Your personal data is shared only with:
• Authorized internal units of the Company
• Domestic suppliers from whom we receive services
• Legally authorized public institutions
in compliance with Article 8 of the Law, and only within Turkey.
If a new process requiring transfer abroad emerges, this will be announced separately in accordance with KVKK and the necessary notifications will be made.
5. How long do we store your personal data?
We will store the above-mentioned personal data only for the period reasonably necessary to fulfill the purposes stated in this Privacy Notice and for the duration required and/or permitted by applicable legislation. When this period expires, Customers’ personal data will be deleted, destroyed, or anonymized.
6. What are your rights and how can you exercise them?
Without prejudice to the cases specified in Article 28 of KVKK titled “Exceptions,” you may apply to our Company under Article 11 of the Law and request:
a. To learn whether your personal data is processed,
b. If processed, to request information regarding such processing,
c. To learn the purpose of processing and whether the data is used in accordance with this purpose,
d. To know the third parties to whom your data is transferred domestically or abroad,
e. To request correction if your personal data is incomplete or inaccurate,
f. To request deletion or destruction of your personal data under the conditions specified in Article 7 of the Law,
g. To request notification to third parties to whom your personal data has been transferred regarding the actions taken under subparagraphs (e) and (f),
h. To object to the emergence of a result against you due to exclusive processing by automated systems,
i. To request compensation if you suffer damage due to unlawful processing of your personal data.
Applications may be submitted to our Company after completing the “Data Subject Application Form” available at “https://diapro.com.tr” in the manner specified in the form.
Requests submitted to our Company will be responded to as soon as possible and within no more than 30 (thirty) days, in writing or electronically, depending on the nature of your request, and in accordance with the fee schedule specified in Article 7 of the Communiqué on the Procedures and Principles of Application to the Data Controller.
7. How will you be informed about changes to this Privacy Notice?
All future changes or additions concerning the processing of your personal data as described in this Privacy Notice will be made accessible to you through our usual communication channels (e.g., through our communication center or our websites, or via email upon request).