INFORMATION ABOUT PRIVACY AND PERSONAL DATA PROTECTION FOR WEBSITE VISITORS

 

Pharmactive İlaç Sanayi ve Ticaret A.Ş. (“Company” or “PHARMACTIVE) values protecting the fundamental rights and freedoms of individuals, especially the right to privacy, which is regulated in Article 20 of the Constitution. Therefore, it values protecting and processing personal data according to law and acts with this understanding in all of its planning and activities.

PHARMACTIVE does not only consider the protection of personal data, which is the basis of the right to privacy, and its processing under the law only within the scope of compliance with the legislation, but also values the person as an approach to data protection. Acting with this awareness, PHARMACTIVE takes all necessary administrative and technical measures to prevent the illegal processing of personal data and storing the personal data security.

In this context, information about the processing and transfer conditions of personal data produced or shared during the use of the website www.pharmactive.com.tr under the Personal Data Protection Law No: 6698.

 

1.    Definitions

Website:www.pharmactive.com.tr

Law: Personal Data Protection Law No: 6698

Personal Data: Any information related to an identified or identifiable natural person.

Cookies: Small text files sent by servers to Online Visitors via browsers. Cookies can track Online Visitor’s information related to surfing in the Internet and history to provide special services to Online Visitor, to improve the service quality, to improve the content of the pages, to offer promotion and marketing suggestions; and in this context, they can stay during the period determined on the device of Online Visitor.

Online Visitor/Data Subject: Any person who access the website. Included as “Visitor” category in relevant company policies.

Board: Personal Data Protection Board

Company: Pharmactive İlaç Sanayi ve Ticaret Anonim Şirketi

Hosting Provider: Natural or legal persons who provide or operate systems that host services and content on the Internet.

 

2.    Processed Personal Data

Processed personal data of Online Visitor depending on the access to the Website and the transactions performed on the Website are presented below:

For Online Visitors who visit the Website,

- Process Security Information (IP address, website traffic information, etc.)

 

For Online Visitors who fill in the forms on the Website,

- Identity Information (first name, last name)

- Contact Information (e-mail address, phone number)

 

In addition to those above, it is possible to process other data that may be mandatory for the operation, development, and security of the Website under the Law.

 

3.    Method and Cause of Action of Collecting Personal Data

Personal data is collected by using the Website or filling out the communication form to store it for the time required for processing by wholly or partly automated means.

Personal data is processed based on the explicit consent of the Online Visitor. However; under the Article 5(2) of the Law, personal data may be processed without the explicit consent of the data subject if it is (i) expressly permitted by any law, (ii) necessary for the data controller to comply with legal obligations, (iii) necessary for the institution, usage or protection of a right, (iv) necessary for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.

 

4.    Purposes of Processing Personal Data

Personal data is processed depending on the transactions made by Online Visitor on the Website, in the case of expressly permitted by any law or under the other conditions specified in the Article 5(2) of the Law for the following purposes;

§  In case of filling out the “Identity and Contact Details” form

-        Conducting/supervising business activities (performing business activities by us and ensuring the control of the business activities we perform)

-        Managing customer relationship management process (managing our relations with customers about the products and services offered, meeting the demands),

-        Following demands/complaints (responding to complaints, demands, thanks and suggestion applications) conducting communication activities (if necessary, contacting you based on the information provided)

§  “Website Traffic Information”

-        Managing information security process (ensuring process security in form creation processes)

On the other hand, according to the Law No. 5651 and other related laws, Hosting Provider must record and store website traffic information.

5.    Cookies

Third-party cookies are not used on the Website. However, cookies only necessary for the operation and security of the website can be used. Online Visitors do not have to accept cookies or they can choose to receive a notification by changing their browser settings. However, certain functions of the Website may not work properly when the cookies are disabled.

a.                   Intended Purpose of Cookies

The links below contain information on how to manage (and disable) cookies in some common browsers:

As PHARMACTIVE, we use cookies for various purposes on our website and application, and we process your personal data through these cookies. These purposes are mainly presented below:

·         Performing basic functions necessary for the operation of the website and the application. For example, members who have logged in do not need to re-enter a password when visiting different pages on the website.

·         Analyzing the website and the application, increasing the performance of the website and the application. For example, the integration of different servers on which the website operates, determining the number of visitors to the website and making performance adjustments accordingly, or facilitating visitors to find what they are looking for.

·         Increasing the functionality of the website and the application and providing ease of use. For example, sharing on third-party social media channels through the website, remembering the username information, or search queries during the next visit of the visitor to the website.

b.                  Cookies Used On Our Website

Only mandatory cookies are used on our website. The use of these cookies is mandatory for our website and application to function properly. For example, the authentication cookies that are activated when you log in to our website ensure that your active login continues during your transition from one page to another on our website.

c.                   How to Check the Use of Cookies

The preferences of our visitors and users regarding the use of cookies and similar technologies are essential for us. However, cookies that are mandatory for the Platform to work must be used. In addition to this, we would like to remind you that some functions of the Platform may not work wholly or partly if some cookies are disabled.

Information on how you can manage your preferences for cookies used on the Platform are as follows:

·         Visitors have the opportunity to customize their preferences for cookies by changing their browser settings on which they view the Platform. If the browser in use offers this opportunity, it is possible to change the preferences for cookies via browser settings. Thus, although the browser may differ depending on the browser, data subjects have the opportunity to prevent to use of cookies, to receive a notification before using the cookie, or to disable/delete only some cookies.

·         Although the preferences in this respect vary depending on the browser used, the general explanation can be found at https://www.aboutcookies.org/ .  Choices regarding cookies may need to be made separately for each device that the visitor accesses the Platform.

·         To disable cookies managed by Google Analytics, visit (https://tools.google.com/dlpage/gaoptout).

·         To manage the customized advertising experience provided by Google (https://myaccount.google.com/not-supported).

·         Preferences for cookies used by many companies for advertising can be managed through Your Online Choices (https://www.youronlinechoices.com/tr/reklam-tercihleriniz).

·         Settings menu of the mobile device can be used to manage cookies on mobile devices.

·         You have the opportunity to customize your preferences for cookies by changing your browser settings.

Adobe Analytics

http://www.adobe.com/uk/privacy/opt-out.html

AOL

https://help.aol.com/articles/restore-security-settings-and-enable-cookie-settings-on-browser

Google Adwords

https://support.google.com/ads/answer/2662922?hl=en

Google Analytics

https://tools.google.com/dlpage/gaoptout

Google Chrome

http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647

Internet Explorer

https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

MozillaFirefox

http://support.mozilla.com/en-US/kb/Cookies

Opera

http://www.opera.com/browser/tutorials/security/privacy/

Safari:

https://support.apple.com/kb/ph19214?locale=tr_TR

 

6.    Recipients and Purposes of Personal Data Transfers

Personal data may be transferred PHARMACTIVE’s group companies, subsidiaries, affiliates, business partners and authorized public institutions and organizations, if one of the conditions in Article 5(2) of the Law is met. Personal data may be transferred only for the purposes specified in Article 4 of this text, provided that the necessary security measures are taken within the framework of the conditions specified in Articles 8 and 9 of the Law.

The transfer of Personal Data is subject to the explicit consent of the Online Visitor in the absence of any of the conditions in Article 5(2) of the Law.

 

7.    Measures Taken for Data Security

PHARMACTIVE has to take all necessary administrative and technical measures to prevent personal data from being processed and accessed unlawfully, to ensure the protection of personal data and the appropriate level of security.

In the case of redirecting to other websites or applications through the website, PHARMACTIVE does not have information about the compliance of the directed websites and applications with the legislation for the protection of personal data and is not under any responsibility for their privacy policies and contents.

 

a.                   Administrative Measures

As PHARMACTIVE, we provide our staff with the necessary training for the lawful processing and protection of your personal data, and regularly check our employees to measure the level of compliance with the Law. We adopt the compliance and care of our staff to the Law as a criterion in the performance evaluation of our staff.
 
While these measures are taken within the Company, we ensure your data security by signing confidentiality agreements and undertakings with groups of people (suppliers, business partners) that we have shared your personal data under the Law, and ensure that our shareholders are sensitive enough for your personal data.
 
In addition to trainings, audits, and measures, intervention plans have been prepared and the necessary preparations have been made to resolve the violation by working with the Board as a Company in the event of a violation of your personal data.
b.                  Technical Measures
To ensure data security and to prevent unlawful access to your data, information infrastructure equipped with security measures complying with international standards has been prepared. For the system installed on this infrastructure to function properly, it is constantly checked from the inside.
In our information infrastructure where your data collected through our website is processed and stored, technical measures provided by the Personal Data Protection Board are respected, such as encryption authorization matrix, application and network security, data masking, firewalls, backup, key management and current anti-virus systems.
In addition to this, intrusion detection and prevention systems have been set up to prevent attacks on our information infrastructure, and the security of the system is checked by making risk analysis, data classification, vulnerability scans and penetration tests regularly. As a requirement of the importance we give to your personal data to carry out all these processes, software programs, and their support in accordance with international standards are also received.

 

8.    Rights of Data Subject under the Article 11 of the Law

Under Article 10 of the Law, PHARMACTIVE informs the data subjects about their rights and provides guidance on how to exercise these rights and performs the necessary internal procedures, administrative and technical arrangements for all these.

According to Article 11 of the Law, data subjects have the right to;

§  Learn whether their data is processed,

§  Request information if their data is processed,

§  Learn the purposes for the processing of personal data and whether it is used accordingly,

§  Know the third parties to whom their personal data is transferred domestically or abroad,

§  Request the rectification of their personal data if it processed incompletely or incorrectly,

§  Request the deletion or destruction of personal data under the Article 7 of the Law,

§  Request the third parties who have received the personal data of data subjects to be notified about the transactions made (rectification and destruction) under Article 11(d) and (e) of the Law,

§  Object to the outcome against the persons themselves by analyzing the processed data exclusively through automated systems,

§  Claim for damages if personal data is damaged due to unlawful processing.

Request and applications regarding the enforcement of the Law may be submitted in person or can be sent via Notary to the address “Mahmutbey Mahallesi Taşocağı Yolu Caddesi Balance Güneşli F Blok No:19/1 Bağcılar/İSTANBUL” by filling the Data Subject Application Form.  They can also be sent through the registered e-mail address (KEP)  pharmactive@hs01.kep.tr, or using a secure electronic signature or mobile signature.

Requests and applications may also be sent to  pharmactive@hs01.kep.tr” if there is an e-mail address previously reported to PHARMACTIVE by the data subject and registered in PHARMACTIVE’s system.

The following information is obligatory in requests and applications;

§  First name, last name, and signature if the application is in writing,

§  Turkish National Identity Number for citizens of the Republic of Turkey; nationality and passport number (national identity number if applicable) for other nationalities,

§  Permanent address or business address for notifications,

§  E-mail address, phone and fax number if applicable to the notification,

§  Subject

Information and related documents should be attached to the application.

PHARMACTIVE shall respond to the requests in an application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, in case the action in question requires an additional cost, the fee in the tariff determined by the Board may be charged.

PHARMACTIVE may accept the request or reject it by explaining the reason and informs the Data Subject in written or electronically. If the request in the application is accepted, PHARMACTIVE shall fulfill the requirements as soon as possible and inform the data subject. If the application is caused by the error of PHARMACTIVE, the fee shall be refunded to the data subject.

If the application is rejected, the response is insufficient or the application is not responded in due time; the data subject has the right to make a complaint to the Board within thirty days from the date of receipt and, in any case, within sixty days from the date of application.

 

By using the Website, Online Visitor declares that he/she has read all the conditions written in this informative text and is informed about the processing of his/her personal data.

Version Date

27/05/2020

V1

 

V2