Menu

SUPPLIER INFORMATION TEXT

Supplier Information Text

  1. Identity of the Data Controller

This Information Text has been prepared to inform the following groups of individuals (“Data Subjects”):

  • Real person suppliers and business partners providing services,

  • Authorized representatives or contact persons of legal entity suppliers and service providers,

  • Other individuals visiting our Company.

Throughout the text, these groups will be referred to as “Suppliers.”
Suppliers are advised to carefully review this Information Text in order to understand for which purposes and by which methods their personal data are processed, and to learn the rights they hold in this context.

Dia Pro Tıbbi Ürünler Sanayi ve Ticaret A.Ş. (“Dia Pro” or “Company”) is committed to protecting the confidentiality of your personal data and ensuring full transparency in all data processing activities.
With this text, we aim to inform you about the methods and purposes of processing your personal data in our capacity as the data controller.

Dia Pro acts as the data controller as a legal entity responsible for determining the purposes and means of processing personal data and for establishing, managing, and securing the data recording system.
When necessary, our Company may also carry out personal data processing activities jointly with other real or legal persons as a “joint data controller.”
If you have any questions regarding the processing of your personal data, you may contact our data protection officer at: diapro@diapro.com.tr

  1. For what purposes do we process your personal data and what are the legal grounds?

2.1 Purposes of processing:

Personal data belonging to data subjects are always processed based on a valid legal ground and limited to specified purposes. In this context, personal data are used for the following purposes:

• Managing and executing business relationships and processes with suppliers through the digital recording and management systems used by the Company,
• Fulfilling existing contracts and planning assignment, evaluation, and operational processes in preparation for new contracts,
• Ensuring communication, coordination, planning, and process efficiency in accordance with the nature of the goods or services provided,
• Comprehensive management of procurement requests, maintenance and repair operations, internal and external factory operations (logistics, transportation, technical service, etc.), and purchasing activities,
• Preparing tender offers, fulfilling requirements related to contract preparation, and carrying out related procedures,
• Monitoring activities conducted within factories and other facilities under occupational health and safety rules, company policies, and applicable legislation, and implementing necessary security measures,
• Managing training, access, and authorization modules provided to suppliers,
• Operating IT infrastructure, ensuring business continuity, conducting technical security processes, and maintaining relevant recording systems,
• Protecting the Company’s economic and operational interests; conducting compliance, reporting, risk management, internal control, fraud or misuse investigations, audit activities, and preparing necessary legal defenses in case of disputes,
• Archiving and fulfilling mandatory record-keeping obligations,
• Complying with statutory requirements and providing information or documents to authorized public authorities and judicial bodies.

2.2 Legal grounds for processing:

Unless a valid legal ground exists under the Personal Data Protection Law (“KVKK”), personal data belonging to Suppliers will not be processed. The collected personal data may be processed based on the following legal grounds stated in Article 5 of KVKK:

• The explicit consent of the data subject,
• Processing being necessary for the Company, as the data controller, to fulfill its legal obligations,
• Processing being mandatory for the legitimate interests of the data controller, provided it does not harm the fundamental rights and freedoms of the data subject.

The balance between the legitimate interests of the Company and the privacy rights of Suppliers is always observed. Examples of processing purposes that may fall under “legitimate interest” include:

• Managing secure, sustainable, and professional business relationships with suppliers,
• Introducing innovations, products, and process improvements related to the Company’s area of activity,
• Efficient management of human resources, financial resources, and operational processes,
• Benefiting from cost-effective services (e.g., supplier platforms where personal data are processed),
• Preventing fraud and unlawful activities; protecting IT systems, network security, and service infrastructure; preventing misuse,
• Conducting corporate transactions such as the transfer or sale of all or part of the Company or its assets,
• Carrying out corporate and social responsibility activities.

For additional information regarding personal data processing, you may contact the Company via the email address provided in Article 6.

  1. What personal data do we collect about you?

Personal data regarding Suppliers may be obtained directly from the individuals, from the legal entities with whom we cooperate, from subcontractors and service providers, or from reliable and publicly accessible sources. In this context, various types of personal data may be collected, including but not limited to:

General and identification information: name–surname, ID card details, Turkish ID number, e-mail and postal address, landline/mobile phone number.
Duty and authority information: company name, title, position, scope of authority and responsibility.
Financial information: bank account details, tax number, invoice information, payment and accounting records.
Factory and facility entry–exit data: visitor logbook details, entry/visitor card logs, entry–exit times, access permissions within factory premises.
CCTV recordings: image recordings taken via security cameras located in the factory, warehouse, production areas, loading/unloading zones, and administrative units.
Logistics and transportation data: vehicle plate number, driver name–surname, delivery documents, shipment records, vehicle entry–exit logs.
Occupational health and safety (OHS) data:
– OHS compliance certificates, safety training certificates, OHS qualification documents,
– Health/fitness reports required for tasks conducted within the factory premises (only to the extent mandatory for activities).
Technical service and maintenance data: authorization information, maintenance request forms containing contact details.
Public data: trade registry records, professional qualification certificates, corporate website information.

  1. Who may access your personal data and to whom can they be transferred?

Your personal data will not be shared, sold, or transferred to any third party other than for the purposes stated in this Information Text.
However, when required by our activities and strictly limited to the purposes indicated, your personal data may be transferred to the following persons and organizations:

4.1 Group Companies and Authorized Units

• Relevant departments within Dia Pro Tıbbi Ürünler San. ve Tic. A.Ş.
• Group companies and affiliated units, limited to relevant purposes:
o Opakim Tıbbi Ürünler San. ve Tic. A.Ş.
o MDS Sağlık Ürünleri Tic. A.Ş.
o Hemakim Tıbbı Ürünler San. ve Tic. A.Ş.

4.2 Suppliers and Service Providers

• Solution partners with whom we cooperate for the supply of products and services,
• Providers of IT infrastructure, software, cloud systems, databases, maintenance, and support services,
• Third parties providing logistics, security, audit, financial consulting, or operational services.

4.3 Representatives, Consultants, and Professional Service Providers

• Independent representatives or intermediaries,
• Company lawyers, financial advisors, and external consultants,
• Experts and consultants involved in transfer, renewal, or assignment of rights and obligations or in corporate/asset transfer transactions.

These parties are obligated to protect the confidentiality and security of your personal data in accordance with applicable legislation and contractual commitments.

4.4 Public Authorities

Where required by law or upon the request of official bodies, personal data may be accessed or transferred to:

• Courts,
• Ministries,
• Law enforcement authorities,
• Regulatory and supervisory agencies.

  1. How long do we retain your personal data?

Personal data will be retained only for the period necessary to fulfill the purposes described in this Information Text and within the time limits permitted or required by applicable legislation.
Following the expiration of these periods or upon request of the data subject, the personal data will be deleted, destroyed, or anonymized.

  1. Rights of the Data Subject under KVKK Article 11

Without prejudice to the exceptions under Article 28 of KVKK, you may submit a request to our Company and exercise the following rights under Article 11:

a. To learn whether your personal data are being processed,
b. To request information if your personal data have been processed,
c. To learn the purpose of processing and whether the data are used in accordance with that purpose,
d. To know the third parties to whom the data are transferred domestically or abroad,
e. To request the correction of incomplete or inaccurate data,
f. To request deletion or destruction of personal data under Article 7,
g. To request notification of operations carried out under (e) and (f) to third parties to whom the data have been transferred,
h. To object to adverse results arising from the analysis of personal data exclusively through automated systems,
i. To request compensation for damage arising from unlawful processing of personal data.

Applications may be submitted to our Company by completing the “Data Subject Application Form” available at https://diapro.com.tr, and sending it in the manner specified in the form.
Your applications will be answered in writing or electronically within 30 (thirty) days, subject to the applicable processing fee, in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.

  1. How will you be informed of changes to this Information Text?

Any future changes or additions regarding the processing of your personal data within this Information Text will be made accessible to you through our usual communication channels.