Law No. 6698 (KVKK)

Protection of Personal Data

Effective1 January 2025
Data ControllerAnadolu Tıp Teknolojileri A.Ş.
Contactmail@anadolutip.com.tr
01

Data Controller

This Information Notice is issued pursuant to the Law on the Protection of Personal Data No. 6698 (the “KVKK”) and the secondary legislation enacted thereunder. Within the meaning of Article 3 of the KVKK, the following entity acts as the “Data Controller”:

Legal Title
Anadolu Tıp Teknolojileri A.Ş. (“Zaraccom Lenses”)
Address
1. OSB. 2. Kısım 5. Cad No: 10 Merkez/SİVAS
Trade Registry
Sivas Chamber of Commerce
Email
mail@zaraccom.com
Telephone
+90 346 218 14 18
02

Scope

This Notice applies to all natural persons whose personal data is processed by Zaraccom Lenses, including, without limitation, visitors of the website available at www.zaraccom.com, prospective and existing customers, distributors, suppliers, business partners, job applicants and any third parties who communicate with the Data Controller through any channel.

03

Categories of Personal Data Processed

The Data Controller may process the following categories of personal data:

  • Identity data: name, surname, signature and, where applicable, title or profession.
  • Contact data: postal address, email address, telephone and facsimile numbers.
  • Customer transaction data: order details, invoicing information, product preferences and correspondence records.
  • Audit and transaction security data: server log records, IP address, session identifiers and access timestamps.
  • Marketing data: survey responses, campaign engagement and electronic communication preferences.
  • Recruitment data: curriculum vitae, education history, work experience and references, processed solely where you apply for a position.

Special categories of personal data within the meaning of Article 6 of the KVKK are not collected through the website. Where such data is unavoidably processed (for example, in employment relations), it is processed only on the basis of explicit consent or another legal ground expressly set out in the KVKK.

04

Purposes of Processing

Personal data is processed for the following purposes:

  • execution and management of commercial activities and contractual relationships;
  • operation, maintenance and security of the website and supporting information systems;
  • responding to enquiries, complaints and requests submitted through the contact channels;
  • fulfilment of obligations imposed by mandatory provisions of Turkish law, including regulations applicable to medical devices and the secondary legislation of the Ministry of Health;
  • conduct of internal audit, financial and accounting activities;
  • storage and management of corporate records;
  • evaluation of job applications and execution of human resources processes;
  • sending of commercial electronic communications where lawful and where consent has been obtained.
05

Legal Grounds for Processing

Personal data is processed in reliance upon one or more of the legal grounds set out in Article 5 and, where applicable, Article 6 of the KVKK:

  • the processing is expressly permitted by law;
  • the processing is necessary for the establishment or performance of a contract to which the data subject is a party;
  • the processing is necessary for the Data Controller to comply with a legal obligation to which it is subject;
  • the personal data has been made public by the data subject;
  • the processing is necessary for the establishment, exercise or protection of a right;
  • the processing is necessary for the legitimate interests pursued by the Data Controller, provided that the fundamental rights and freedoms of the data subject are not prejudiced;
  • the data subject has provided explicit consent, where none of the above grounds apply.
06

Transfer of Personal Data

Personal data may be transferred to public authorities and judicial bodies where required by law, to authorised business partners, suppliers, service providers, distributors, independent auditors and legal counsel where necessary to achieve the purposes set out above, and to group companies where applicable. Such transfers are made in compliance with Articles 8 and 9 of the KVKK.

Personal data may be transferred abroad only where one of the conditions listed in Article 9 of the KVKK is met, including the existence of explicit consent, the presence of adequate protection in the receiving country as determined by the Personal Data Protection Board, or the provision of a written undertaking by the relevant parties together with the authorisation of the Board.

07

Retention Period

Personal data is retained for the period necessary for the purposes for which it was collected and, in any event, for no longer than the retention periods prescribed by applicable Turkish legislation, including the Turkish Code of Obligations, the Turkish Commercial Code, tax legislation, social security legislation and the legislation on medical devices. Upon expiry of the applicable retention period, personal data is erased, destroyed or anonymised ex officio or upon the request of the data subject, in accordance with the Regulation on the Erasure, Destruction or Anonymisation of Personal Data.

08

Technical and Administrative Measures

The Data Controller takes all reasonable technical and administrative measures, in accordance with Article 12 of the KVKK, to ensure an appropriate level of security for the personal data it processes. Such measures include access controls, authorisation matrices, network and application security, encryption, periodic risk assessments, training of personnel and the execution of confidentiality undertakings with employees and data processors.

09

Rights of the Data Subject

Pursuant to Article 11 of the KVKK, each data subject has the right to:

  • learn whether his or her personal data is processed;
  • request information if personal data has been processed;
  • learn the purpose of the processing and whether the data is used in compliance with that purpose;
  • be informed of the third parties to whom personal data is transferred, whether within Türkiye or abroad;
  • request correction of personal data which is incomplete or inaccurate;
  • request the erasure or destruction of personal data within the framework of Article 7 of the KVKK;
  • request notification of the operations of correction, erasure and destruction to the third parties to whom the personal data has been transferred;
  • object to the occurrence of a result against him or her by means of the analysis of the personal data exclusively through automated systems;
  • request compensation for damage arising from the unlawful processing of personal data.
10

Submission of Applications

Applications relating to the exercise of the rights set out above shall be made in accordance with the Communiqué on Application Procedures and Principles to the Data Controller. Applications must contain the applicant’s identification information and a clearly stated request, together with documentation supporting the applicant’s identity.

Channels
Applications may be submitted in writing to the registered address of the Data Controller indicated in Section 1, by means of a notarised notification, through the registered electronic mail (KEP) address of the Data Controller, or by electronic mail from an address previously notified to and recorded by the Data Controller, addressed to mail@zaraccom.com.

The Data Controller shall conclude the application as soon as possible and in any event within thirty (30) days from the date of receipt, free of charge. Where the response requires an additional cost, the tariff determined by the Personal Data Protection Board may be charged.

11

Contact

All questions concerning this Notice and the protection of personal data may be addressed to mail@zaraccom.com or to the postal address set out in Section 1. The Data Controller reserves the right to amend this Notice in order to reflect changes in legislation or changes in its processing activities. The most recent version shall be published on this page and shall be deemed effective as of the date indicated above.