{"id":4116,"date":"2020-09-25T13:43:49","date_gmt":"2020-09-25T13:43:49","guid":{"rendered":"https:\/\/profen.bootests.com\/?page_id=4116"},"modified":"2026-04-06T10:00:07","modified_gmt":"2026-04-06T10:00:07","slug":"profen-life-sciences-gdpr","status":"publish","type":"page","link":"https:\/\/profen.com\/en\/profen-life-sciences-gdpr\/","title":{"rendered":"Profen Life Sciences – GDPR"},"content":{"rendered":"

[vc_row el_class=”kvkk-metni”][vc_column][vc_column_text]<\/p>\n

Profen Life Sciences FOOD AND CONSULTANCY INC. POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA<\/p>\n

Profen Life Sciences FOOD AND CONSULTANCY INC.<\/p>\n

Document Name: Profen Life Sciences FOOD AND CONSULTANCY INC. Information Form for Personal Data Protection and Processing<\/p>\n

Target Group: All natural persons whose personal data is processed by Profen Life Sciences FOOD AND CONSULTANCY INC., except for the employees of Profen Life Sciences FOOD AND CONSULTANCY INC.<\/p>\n

Prepared by: Profen Life Sciences FOOD AND CONSULTANCY INC. Legal Department<\/p>\n

Version: V.1.0.<\/p>\n

Approved by: Profen Life Sciences FOOD AND CONSULTANCY INC. Approved by the Legal Department.<\/p>\n

Effective Date: 24\/09\/2020<\/p>\n

In cases where there is a conflict between the Turkish language version of the policy and any translation, the Turkish text shall prevail.<\/p>\n

\u00a9 Profen Life Sciences FOOD AND CONSULTANCY INC. 2020 This document cannot be reproduced and distributed without the written permission of Profen Life Sciences FOOD AND CONSULTANCY INC.<\/p>\n

CONTENTS<\/p>\n

INTRODUCTION.. 3<\/p>\n

DEFINITIONS AND ABBREVIATIONS.. 3
\nPRINCIPLES FOR PROCESSING OF PERSONAL DATA… 3<\/p>\n

2.1.\u00a0 ACTING IN COMPLIANCE WITH LAW AND RULES OF INTEGRITY.. 3<\/p>\n

2.2.\u00a0 ACCURACY AND UP-TO-DATENESS. 3<\/p>\n

2.3.\u00a0 PROCESSING FOR SPECIFIC, CLEAR AND LEGITIMATE PURPOSES. 3<\/p>\n

2.4.\u00a0 BEING RELATED, LIMITED AND PROPORTIONATE TO THE PURPOSE OF PROCESSING.. 3<\/p>\n

2.5.\u00a0 KEEPING FOR THE TIME PERIOD PROVIDED FOR IN THE RELEVANT LEGISLATION OR FOR THE PURPOSE OF PROCESSING.. 3<\/p>\n

PURPOSE OF PERSONAL DATA PROCESSING BY THE COMPANY.. 3
\nTRANSFER OF PERSONAL DATA BY THE COMPANY… 3<\/p>\n

4.1.\u00a0 GENERAL REQUIREMENTS FOR DATA TRANSFER.. 3<\/p>\n

4.2.\u00a0 TRANSFER ABROAD.. 3<\/p>\n

4.3.\u00a0 PARTIES TO WHOM DATA IS TRANSFERRED BY THE COMPANY.. 3<\/p>\n

PERSONAL DATA PROCESSED BY THE COMPANY… 3
\nPROCEDURE OF PERSONAL DATA PROCESSING BY THE COMPANY 3
\nDETERMINATION BY THE COMPANY OF RETENTION PERIODS OF PERSONAL DATA.. 3
\nRIGHTS OF DATA SUBJECTS AND THE EXERCISE OF THESE RIGHTS 3<\/p>\n

8.1.\u00a0 RIGHTS OF DATA SUBJECTS. 3<\/p>\n

8.2.\u00a0 EXERCISE OF RIGHTS BY DATA SUBJECTS. 3<\/p>\n

PROTECTION OF PERSONAL DATA BY THE COMPANY… 3<\/p>\n

ANNEX-1: DATA CATEGORIES.. 3<\/p>\n

ANNEX 2\u2013 PERSONAL DATA SUBJECTS.. 3<\/p>\n

ANNEX 3- THIRD PARTIES TO WHOM PERSONAL DATA IS TRANSFERRED BY OUR COMPANY, AND PURPOSES OF TRANSFER.. 3<\/p>\n

INTRODUCTION<\/p>\n

The Personal Data Protection Law No. 6698 (the “Law”) entered into force on April 7, 2016 and includes provisions regarding the processing of all kinds of information related to “identified or identifiable natural persons”.<\/p>\n

Personal data protection is among the most important priorities for Profen Life Sciences FOOD AND CONSULTANCY INC. (”Profen Life Sciences” or the “Company”) and in this context, maximum effort is made to comply with all applicable legislation. This Personal Data Protection and Processing Policy of Profen Life Sciences FOOD AND CONSULTANCY INC. (the “Policy”) explains the principles adopted in the conduct of personal data processing activities carried out by our Company and the basic principles adopted in terms of compliance of the data processing activities of our Company with the provisions in the Personal Data Protection Law No. 6698 (the “Law”), and thus, our Company provides the necessary transparency by informing personal data subjects. With the full awareness of our liability hereunder, your personal data is processed and protected within the scope of this Policy. Detailed information about the personal data subjects in question can be found in Annex-2 (”Annex 2- Personal Data Subject”) to this Policy.<\/p>\n

This Policy may be updated from time to time in order to adapt to changing conditions and legislation.<\/p>\n

DEFINITIONS AND ABBREVIATIONS
\nExpress Consent Express Consent refers to any consent that is based on informing a person on a specific subject and is disclosed with free will.
\nAnonymization It refers to rendering personal data impossible to associate with an identified or identifiable natural person, even if it is paired with other data.
\nRelated Person It refers to any real person whose personal data is processed (referred to as “data subject” in the Policy).
\nLaw The Personal Data Protection Law No. 6698, published in the Official Gazette No. 29677, dated April 7, 2016.
\nPersonal Data Personal data refers to any information relating to an identified or identifiable real person.
\nPersonal Data Subject Personal data subject refers to any real person whose personal data is processed.
\nProcessing of Personal Data Processing of personal data covers all types of actions carried out on data such as obtaining personal data through means that are partially or fully automated or that are non-automated, subject to being part of any data recording system, recording, storing, maintaining, altering, rearranging, disclosing, transferring, taking over, making obtainable, classifying or preventing the use of personal data.
\nSpecial Categories of Personal Data It refers to data on race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, costume and attire, membership to any association, foundation or trade union, health, sexual life, criminal conviction and security measures and biometric and genetic data.
\nData Recording System It refers to the recording system in which personal data are configured and processed by certain criteria.
\nData Controller It refers to any real or legal person who determines the purposes and means of processing of personal data and is responsible for establishing and managing the data recording system.<\/p>\n

 <\/p>\n

2.PRINCIPLES FOR PROCESSING OF PERSONAL DATA<\/p>\n

The Company that is the data controller pursuant to Article 4 of the Law acts in accordance with the following principles in the processing of personal data.<\/p>\n

Acting in compliance with law and rules of integrity<\/p>\n

Personal data is processed in accordance with law and rules of integrity. In this direction, the Company, as the data controller, acts in accordance with the applicable legislation in all kinds of personal data processing activities and complies with the rules of integrity.<\/p>\n

Accuracy and up-to-dateness<\/p>\n

Data controllers should set up the necessary processes to ensure that the personal data they process are accurate and up to date. Accordingly, the Company provides the data subjects with the opportunity to update their data and takes the necessary measures to ensure the correct transfer of the data to the databases.<\/p>\n

Processing for specific, clear and legitimate purposes<\/p>\n

Data controllers are obliged to inform data subjects about the purposes of processing personal data in line with the disclosure obligations under the Law. Accordingly, the Company, as the data controller, limits its data processing activities to specific and legitimate purposes and informs data subjects clearly within the scope of the disclosure texts regarding these purposes.<\/p>\n

Being related, limited and proportionate to the purpose of processing<\/p>\n

Personal data is processed by the Company in connection with and limited to the purpose notified to the data subject at the time of their provision, to the extent necessary for this purpose.<\/p>\n

Keeping for the time period provided for in the relevant legislation or for the purpose of processing<\/p>\n

If a certain time period is determined within the scope of the applicable legislation, the data will be stored for such time period. If such a time period is not specified in the legislation, reasonable retention periods are determined by considering the intended use of data and the Company’s procedures, and the data is kept limited to such time periods. Following the expiry of the aforementioned time periods, the data will be deleted, destroyed or anonymized in line with the Company’s procedures.<\/p>\n

3.PURPOSE OF PERSONAL DATA PROCESSING BY THE COMPANY<\/p>\n

Articles 5 and 6 of the Law sets out the requirements for the processing of personal data and special categories of data. Special categories of personal data is listed in the Law in a limited manner and includes data on a person’s race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, costume and attire, membership to any association, foundation or trade union, health, sexual life, criminal conviction and injunction and biometric and genetic data. While Article 5 of the Law specifies the requirements for processing non-special categories of personal data, the requirements for processing special data are set out in Article 6.<\/p>\n

According to the said Article, non-special categories of personal data may be processed in the following cases:<\/p>\n

if data subject’s express consent is obtained;
\nif data processing is clearly provided for in laws;
\nif the processing of relevant data is mandatory to protect life or body integrity of any person, who is unable to disclose his\/her consent due to actual impossibility or whose consent is not considered legally valid, or any other person;
\nif the processing of personal data of contracting parties is necessary, provided that the processing is directly related to the execution or performance of a contract;
\nif the data processing is mandatory for the data controller to fulfil its legal obligation;
\nif the personal data has been publicized by the person concerned;
\nif the data processing is compulsory in order to establish, exercise or protect a right;
\nif the data processing is mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the person concerned are not damaged.<\/p>\n

Special categories of personal data can be processed subject to the requirements listed below:<\/p>\n

if data subject’s express consent is obtained;
\nif the processing of special categories of personal data, except for health- and sexual life-related data, is provided for in laws (data on a person’s race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, costume and attire, membership to any association, foundation or trade union, criminal conviction and injunction and biometric and genetic data);
\nif health- and sexual life-related data is processed by persons or authorized institutions and organizations under the obligation of secrecy, for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing;<\/p>\n

 <\/p>\n

In this context, by the Company process personal data of natural persons in the categories listed in Annex-1 for the following purposes:<\/p>\n

carrying out emergency management processes;
\ncarrying out information security processes;
\nconducting selection and placement processes of employee candidates\/trainees\/students;
\ncarrying out application process of employee candidates;
\nfulfilment of obligations arising from employment contract and legislation for employees;
\ncarrying out the processes of fringe benefits and interests for employees;
\ncarrying out audit \/ ethics activities;
\ncarrying out training activities;
\ncarrying out activities in accordance with the legislation;
\ncarrying out finance and accounting affairs;
\nensuring the security of physical space;
\ncarrying out appointment processes;
\nmonitoring and carrying out legal affairs;
\ncarrying out communication activities;
\nplanning of human resources processes;
\ncarrying out\/supervising business activities;
\ncarrying out occupational health \/ safety activities;
\ntaking and evaluating suggestions for improvement of business processes;
\ncarrying out business continuity activities;
\ncarrying out logistics activities;
\ncarrying out procurement processes for goods \/ services;
\ncarrying out after-sales support services for goods\/services;
\ncarrying out procurement processes for goods \/ services;
\ncarrying out goods\/services production and operations and processes;
\ncarrying out the processes of customer relations management;
\ncarrying out customer satisfaction activities;
\norganization and event management;
\ncarrying out marketing analysis studies;
\ncarrying out advertising \/ campaign \/ promotion processes;
\ncarrying out risk management processes;
\ncarrying out custody and archiving activities;
\ncarrying out contract processes;
\nfollow-up of requests \/ complaints;
\nensuring the security of movable goods and resources;
\ncarrying out supply chain management processes;
\ncarrying out wage policy;
\ncarrying out marketing processes of products \/ services;
\nEnsuring the security of data controller operations
\nforeign personnel residence and work permit procedures;
\ncarrying out investment processes;
\nproviding information to authorized persons, institutions and organizations;
\ncarrying out management activities;
\ncreation and follow-up of visitor records;
\nother- signature authorization and realization of transactions based on this authorization;
\nother- management of cargo delivery processes;
\nother- carrying out ticketing and accommodation transactions;
\nother – carrying out survey processes;
\nother-ensuring the legal, technical and commercial-business security of the relevant persons in relationship with the Company.<\/p>\n

 <\/p>\n

4. TRANSFER OF PERSONAL DATA BY THE COMPANY
\n4.1. General Requirements for Data Transfer<\/p>\n

Article 8 of the Law provides for a distinction for the transfer of personal data whether the data is special categories of personal data. Detailed information related thereto can be found in Annex-3 to this Policy (Annex-3- Third-Parties to whom Personal Data is Transferred by Our Company and Purposes of Transfer”).<\/p>\n

According to the said Article, non-special categories of personal data can be transferred to third-parties in the presence of one of the processing requirements specified in Section 3 above. In this context, personal data can be shared by the Company with people other than legal entities:<\/p>\n

if data subject’s express consent is obtained;
\nif data processing is clearly provided for in laws;
\nif the processing of relevant data is mandatory to protect life or body integrity of any person, who is unable to disclose his\/her consent due to actual impossibility or whose consent is not considered legally valid, or any other person;
\nif the processing of personal data of contracting parties is necessary, provided that the processing is directly related to the execution or performance of a contract;
\nif the data processing is mandatory for the data controller to fulfil its legal obligation;
\nif the personal data has been publicized by the person concerned;
\nif the data processing is compulsory in order to establish, exercise or protect a right;
\nif the data processing is mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the person concerned are not damaged.<\/p>\n

Article 8 makes reference to the processing requirements specified in Section 2 also in terms of special categories of personal data, but requires that adequate measures should also be taken for the transfer. Accordingly, special categories of personal data can be shared by the Company with third-parties if:<\/p>\n

the processing of special categories of personal data, except for health- and sexual life-related data, is provided for in laws (data on a person’s race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, costume and attire, membership to any association, foundation or trade union, criminal conviction and injunction and biometric and genetic data); and
\nhealth- and sexual life-related data is processed by persons or authorized institutions and organizations under the obligation of secrecy, for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing;<\/p>\n

provided that adequate measures are taken.<\/p>\n

4.2. Transfer Abroad<\/p>\n

Personal data can be transferred abroad by the Company provided that:<\/p>\n

the data subject’s express consent is obtained;
\nin cases where the subject’s express consent is not obtained, but one or more of the other requirements mentioned above are met;
\nif there is sufficient protection in the country where the data is transferred; and
\nin the event that no sufficient protection is available in the country where the data is transferred, the relevant company undertakes sufficient protection in writing with the data controller in the relevant foreign country and the permission of the Personal Data Protection Board is obtained.<\/p>\n

.<\/p>\n

4.3. Parties to whom data is transferred by the Company<\/p>\n

Within the scope of the above requirements, personal data is transferred by the Company to:<\/p>\n

suppliers for the purpose of procuring services in the processes that our Company outsources;
\nbusiness partners for the purpose of ensuring that the objectives of the business partnership are fulfilled;
\nlegally authorized public institutions and legally authorized private persons or organizations, being limited to the information requested within the framework of their legal powers; and
\nproduct or service purchasers and their employees and officials for the purpose of carrying out product services and marketing processes.<\/p>\n

 <\/p>\n

5. PERSONAL DATA PROCESSED BY THE COMPANY<\/p>\n

Our Company informs the related persons pursuant to Article 10 of the Law and the secondary legislation and processes personal data in accordance with the general principles specified in the Law, in particular, the principles specified in Article 4 of the Law, based on, and limited to, at least one of the personal data processing requirements specified in Articles 5 and 6 of the Law in line with the personal data processing purposes of our Company. The categories of personal data processed within the framework of the purposes and conditions specified in this Policy and detailed information about the categories can be found in Annex 1 (”Annex-1- Data Categories”).<\/p>\n

6. PROCEDURE OF PERSONAL DATA PROCESSING BY THE COMPANY<\/p>\n

As stipulated in the Law, the Company, as the data controller, provides personal data subjects with information about for what purposes it processes personal data, to whom and for what purposes the processed personal data can be transferred, the method and the legal ground of personal data collection and the rights of data subjects during the collection of personal data.<\/p>\n

If any process requires express consent pursuant to the Law, the Company obtains the express consents of the data subjects after the aforementioned disclosure is made.<\/p>\n

7. DETERMINATION BY THE COMPANY OF RETENTION PERIODS OF PERSONAL DATA<\/p>\n

When determining the retention periods of personal data, the Company takes into account the applicable legislation and the purposes of processing the data concerned. In any case, the Company determines the retention periods in the light of its legal obligations and the relevant statute of limitations.<\/p>\n

In the event that the purpose of data processing disappears, the data is deleted, destroyed or anonymized, unless there is another legal ground or basis that allows the data to be kept.<\/p>\n

8. RIGHTS OF DATA SUBJECTS AND THE EXERCISE OF THESE RIGHTS
\n8.1. Rights of data subjects<\/p>\n

According to Article 11 of the Law, personal data subjects have the following rights against the data controller:<\/p>\n

to find out whether their personal data has been processed;
\nto request information if their personal data been processed;
\nto find out the purpose of processing of their personal data and whether or not their personal data is used properly;
\nto know about third-parties to whom their personal data is transferred home or abroad;
\nif their personal data has been processed in an incomplete and incorrect manner, to request for correction of the same;
\nto request for deletion or disposition off of their personal data in accordance with the provisions provided for in the relevant legislation;
\nto request for notification of the correction, deletion and destruction processes to third-parties to whom their personal data has been transferred;
\nto object to the emergence of any consequence against themselves through analysis of the data processed exclusively by means of automated systems;
\nin case of any loss and\/or damage due to the unlawful processing of personal data, to claim indemnification for losses and\/or damages suffered.<\/p>\n

Circumstances in which data subjects do not have the right to request is listed in Paragraph 2 of Article 28 of the Law, and in this context, the rights specified above for personal data cannot be exercised if:<\/p>\n

personal data processing is necessary for the prevention of crime or criminal investigation;
\npersonal data made public by the person concerned is processed;
\npersonal data processing is necessary for the execution of auditing or regulation duties by authorized public institutions and organizations and professional institutions, which in nature are public institutions, based on the power granted by the law, and for disciplinary investigations or prosecutions;
\npersonal data processing is necessary for the protection of the State’s economic and financial interests in relation to budget, tax and financial matters.<\/p>\n

Since personal data will be outside the scope of the Law in the following cases pursuant to Paragraph 1 of Article 28 of the Law, data subjects’ requests will not be processed in terms of such data:<\/p>\n

processing of personal data by real persons within the scope of activities related to him\/her or his\/her family members living in the same residence, provided that they are not given to third-parties and obligations regarding data security are complied with;
\nprocessing of personal data for purposes, such as research, planning and statistics, by making them anonymous with official statistics;
\nprocessing of personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defence, national security, public security, public order, economic security, privacy or personal rights, or constitute a crime;
\nprocessing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defence, national security, public security, public order or economic security;
\nprocessing of personal data by judicial authorities or enforcement authorities regarding investigations, prosecutions, trials or enforcement proceedings.
\n8.2. Exercise of Rights by Data Subjects<\/p>\n

In order to exercise the above-mentioned rights, data subjects can use the “Form for Applications to be Made to Data Controller by Personal Data Subjects” available at [GDPR Application form].<\/p>\n

Applications will be made by one of the following methods, together with the documents that will determine the identity of the data subject:<\/p>\n

by completing the form and forwarding a signed copy thereof either by hand or through a notary public to Dar\u00fclaceze Cad., Halit Ziya T\u00fcrkkan Sk, Famas Plaza, A Blok Kat.10 No.35 \u015ei\u015fli \/ Istanbul;
\nby signing the form with a secure electronic signature under the Electronic Signature Law No. 5070 and sending the same by registered e-mail to Profen Life Sciences@hs03.kep.tr; or
\nwith a method provided for in the Communiqu\u00e9 on the Procedures and Principles for Applications to Data Controllers.<\/p>\n

The Company responds to data subjects who want to exercise the said rights within the limits stipulated by the Law, within a maximum of 30 (thirty) days, as provided for in the Law. In order for third-parties to make an application request on behalf of personal data subjects, there must be a power of attorney issued by the data subject in the name of the third-party before a notary public.<\/p>\n

Although applications of data subjects are processed free of charge as a rule, if the application is to be answered in writing within the framework of Article 7 of the Communiqu\u00e9 on the Procedures and Principles for Applications Data Controllers, no fee will be charged up to 10 pages, and a fee of TRY 1.00 will be charged for each page above 10 pages. If the application is to be answered in a recording medium such as CD, flash memory, the fee to be charged will not exceed the cost of the recording medium.<\/p>\n

The Company may request information from the relevant person in order to determine whether the applicant is the personal data subject, and may ask the personal data subject questions regarding his\/her application in order to clarify the matters specified in the application.<\/p>\n

9. PROTECTION OF PERSONAL DATA BY THE COMPANY<\/p>\n

The Company takes reasonable technical and administrative measures to prevent unauthorized access risks, accidental loss of, deliberate deletion of, or damage to, personal data, in order to ensure the security of personal data. In this context, the technical and administrative measures taken by the Company are as follows:<\/p>\n

Network security and application security are provided.
\nClosed system network is used for personal data transfers via network.
\nKey management is implemented.
\nSecurity measures are taken within the scope of procurement, development and maintenance of information technology systems.
\nSecurity of personal data stored in the cloud is provided.
\nTraining and awareness studies are conducted at regular intervals on data security for employees.
\nAn authorization matrix has been created for employees.
\nAccess logs are kept regularly.
\nCorporate policies on access, information security, use, storage and disposal have been prepared and implemented.
\nPowers of the employees who have been resigned or who have left their jobs are revoked.
\nUp-to-date anti-virus systems are used.
\nFirewalls are used.
\nPersonal data security policies and procedures have been established.
\nPersonal data security issues are reported quickly.
\nPersonal data security is monitored.
\nSecurity of personal data-containing media is provided.
\nPhysical environments containing personal data are protected against external risks (fire, flood, etc.).
\nPersonal data is reduced as much as possible.
\nPersonal data is backed up and the security of the backed up personal data is ensured.
\nA user account management and authorization control system is applied and followed up.
\nIn-house periodic and\/or random audits are carried out and caused to be carried out.
\nLog records are kept without user intervention.
\nExisting risks and threats have been identified.
\nSecure encryption\/cryptographic keys are used for private personal data and managed by different departments.
\nIntrusion detection and prevention systems are used.
\nCyber security measures have been taken and their implementation is continuously monitored.
\nEncryption is carried out.
\nData processing service providers are provided with awareness on data security.<\/p>\n

Annex-1: Data Categories
\nDATA CATEGORY DESCRIPTION OF PERSONAL DATA CATEGORIZATION PERSONAL DATA TYPES FALLING INTO RELATED PERSONAL DATA CATEGORIZATION
\nIdentity Data Information contained in documents, such as driver’s license, identity card, residence, passport, attorney’s identity, marriage certificate, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. ID number, passport number, identity card serial number, name-surname, photo, place of birth, date of birth, age, place of registry, etc.
\nCommunication Data Information that is used for communication with the person concerned, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. E-mail address, telephone number, mobile phone number, address, etc.
\nLocation Data Information that determines the location (position) of the place where the person concerned is located, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. Location data, etc.
\nPersonnel Data Personal data that serves as the basis for the employees’ personal rights, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. All kinds of information and documents (e.g., wage amount, SSI premiums, payrolls, etc.) required to be included in the personal file by law.
\nCustomer Transaction Data Information on all kinds of transactions performed by customers who benefit from our products and services, which clearly pertains to a identified or identifiable natural person or a natural person representative\/official of a legal person customer and is included in the data recording system. Requests and instructions, order information, etc.
\nTransaction Security Data Personal data that is processed in order to provide technical, administrative, legal and commercial security, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. Log records, IP information, authentication information, etc.<\/p>\n

 <\/p>\n

Financial Data<\/p>\n

Personal data within the scope of information, documents and records showing all kinds of financial results created according to the type of legal relationship with the personal data subject, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. Information showing the financial result of the transactions made by the data subject, credit card number, wage details, etc.
\nVisual and Audio Data Visual and audio records that is associated with the personal data subject, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. Photographs, camera recordings and sound recordings.<\/p>\n

 <\/p>\n

Information about Family Members and Relatives<\/p>\n

Information about the family members and relatives of the personal data subject processed in order to protect the legal interests of the relevant company and the data subject, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. Identity information, contact information and professional and educational information and so on information about the children and spouses of the personal data subject.<\/p>\n

 <\/p>\n

Customer Information<\/p>\n

Information about customers who benefit from our products and services, which clearly pertains to a identified or identifiable natural person or a natural person representative\/official of a legal person customer and is included in the data recording system. Customer number, profession details, etc.
\nPhysical Space Security Data Personal data that relates to records and documents taken during the entry into, and the stay, in the physical space, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. Entry\/exit logs, visit details, camera records, etc.
\nTransaction Security Data Personal data that is processed in order to provide technical, administrative, legal and commercial security of the Company and related parties, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. Information indicating that the transaction associated with the personal data subject and that the person concerned is authorized to perform that transaction (e.g., website password and password information)
\nRisk Management Information Personal data that is processed in order to manage the Company’s commercial, technical and administrative risks, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. IP address, Mac ID and so on records.
\nProfessional Experience Data Data relating to the employee’s professional life and status, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. Diploma information, courses attended, certificates, foreign language knowledge, etc.
\nHealth Data Data relating to the employee’s health status, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. Disease history, medical diagnoses, blood type, etc.
\nOther-Military Status Data Data relating to the person’s military service status, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. Data indicating whether the military service has been completed
\nOther-Resume Data Resume data that falls into the scope of the person’s personal file and differs from person to person depending on the content of the resume, which clearly pertains to an identified or identifiable natural person and is included in the data recording system. Resume<\/p>\n

Annex 2\u2013 Personal Data Subjects<\/p>\n

PERSONAL DATA SUBJECT CATEGORY DESCRIPTION
\nEmployee All real persons working for\/employed by Profen Life Sciences.
\nCandidate Employee Natural persons who have applied to Profen Life Sciences for a job in any way or who have opened their resumes and related information for review by Profen Life Sciences.
\nTrainee Persons who do an internship at Profen Life Sciences in order to gain work experience, learn the work done, and improve their professional knowledge and skills.<\/p>\n

Visitor<\/p>\n

 <\/p>\n

Real persons who have entered into the physical sites owned by Profen Life Sciences for various purposes or who have visited our websites
\nFamily Members and Relatives Spouses, children and relatives of data subjects whose personal data is processed within the scope of this Policy within the framework of the activities carried out by Profen Life Sciences.
\nThird-Party Other real persons who are not covered by this Policy and the Policy for Protection and Processing of Personal Data of Employees of Profen Life Sciences FOOD AND CONSULTANCY (e.g., guarantors, attendants, former employees)
\nSuppliers and Suppliers’ Employees\/Officials Real persons who are an official or shareholder of the party providing services to Profen Life Sciences on contract basis in accordance with the orders and instructions of Profen Life Sciences when conducting the commercial activities of Profen Life Sciences.
\nProduct or Service Buyers and their Employees\/Officials Real persons who are an official or shareholder of the party that Profen Life Sciences provides services or products when carrying out its commercial activities.
\nPotential Product or Service Buyers and their Employees\/Officials Real persons who are an employee, official or shareholder of the party that Profen Life Sciences is likely to offer services or products in the future when carrying out its commercial activities.
\nEmployees, Shareholders and Officials of Organizations We Cooperate with Real persons employed in organizations with whom Profen Life Sciences has any business relationships, including the shareholders and officials of such organizations (including, but not limited to their business partners, suppliers).
\nCompany Shareholder Real persons who are a Profen Life Sciences shareholder.
\nCompany Official Real persons who are a board member and other authorized real person of Profen Life Sciences.<\/p>\n

 <\/p>\n

Annex 3- Third Parties to whom Personal Data is transferred by Our Company, and Purposes of Transfer<\/p>\n

Profen Life Sciences may, in accordance with Articles 8 and 9 of the PDPL, transfer personal data of data subjects covered by this Policy to the following categories of persons:<\/p>\n

Profen Life Sciences business partners;
\nProfen Life Sciences suppliers and their employees and officials;
\nProfen Life Sciences product or service buyers and their employees and officials;
\nLegally authorized public authorities and organizations;
\nLegally authorized private legal persons.<\/p>\n

The scope of the persons to whom the transfer is made and the purposes of data transfer are stated below.<\/p>\n

PERSONS TO WHOM PERSONAL DATA CAN BE TRANSFERRED DESCRIPTION PURPOSE OF DATA TRANSFER<\/p>\n

 <\/p>\n

 <\/p>\n

Suppliers and Suppliers’ Employees\/Officials<\/p>\n

 <\/p>\n

Parties that provide services to Profen Life Sciences on contract basis in accordance with the orders and instructions of Profen Life Sciences when conducting the commercial activities of Profen Life Sciences. Limited data is transferred in order to ensure that Profen Life Sciences is provided with the services required to fulfil its commercial activities, which Profen Life Sciences outsources from the supplier.
\nProduct or Service Buyers and their Employees\/Officials Real persons who are an official or shareholder of the party that Profen Life Sciences provides services or products when carrying out its commercial activities. Limited data is transferred in order to enable Profen Life Sciences to benefit from its commercial activities and to receive the necessary services from Profen Life Sciences.
\nLegally Authorized Public Authorities and Organizations Public institutions and organizations authorized to receive information and documents from Profen Life Sciences in accordance with the provisions of the relevant legislation. Data is transferred limited with the purpose required by the relevant public institutions and organizations within their legal powers.
\nLegally Authorized Private Legal Persons Private legal persons authorized to receive information and documents from Profen Life Sciences in accordance with the provisions of the relevant legislation. Data is transferred limited with the purpose required by the relevant private legal persons within their legal powers.
\nBusiness Partners Parties that Profen Life Sciences has established business partnerships with for purposes, such as carrying out various projects and receiving services in person or with other business partners, when conducting its commercial activities. Data is transferred limited with the purpose of fulfilling of the purposes of establishment of the business partnership.<\/p>\n

[\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"

[vc_row el_class=”kvkk-metni”][vc_column][vc_column_text] Profen Life Sciences FOOD AND CONSULTANCY INC. POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA Profen Life Sciences […]<\/p>\n","protected":false},"author":2,"featured_media":1467,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_vp_format_video_url":"","_vp_image_focal_point":[],"footnotes":""},"class_list":["post-4116","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"yoast_head":"\nProfen Group - Profen Life Sciences - GDPR<\/title>\n<meta name=\"description\" content=\"GREENORM FOOD AND CONSULTANCY INC. POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA\" \/>\n<meta name=\"robots\" content=\"noindex, nofollow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Profen Group - Profen Life Sciences - GDPR\" \/>\n<meta property=\"og:description\" content=\"GREENORM FOOD AND CONSULTANCY INC. POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA\" \/>\n<meta property=\"og:url\" content=\"https:\/\/profen.com\/en\/greenorm-gdpr\/\" \/>\n<meta property=\"og:site_name\" content=\"Profen Group\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-06T10:00:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/profen.com\/wp-content\/uploads\/2020\/07\/medya-merkezi-background-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"28 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/profen.com\/en\/profen-life-sciences-gdpr\/\",\"url\":\"https:\/\/profen.com\/en\/greenorm-gdpr\/\",\"name\":\"Profen Group - Profen Life Sciences - GDPR\",\"isPartOf\":{\"@id\":\"https:\/\/profen.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/profen.com\/en\/greenorm-gdpr\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/profen.com\/en\/greenorm-gdpr\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/profen.com\/wp-content\/uploads\/2020\/07\/medya-merkezi-background-1.jpg\",\"datePublished\":\"2020-09-25T13:43:49+00:00\",\"dateModified\":\"2026-04-06T10:00:07+00:00\",\"description\":\"GREENORM FOOD AND CONSULTANCY INC. POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA\",\"breadcrumb\":{\"@id\":\"https:\/\/profen.com\/en\/greenorm-gdpr\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/profen.com\/en\/greenorm-gdpr\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/profen.com\/en\/greenorm-gdpr\/#primaryimage\",\"url\":\"https:\/\/profen.com\/wp-content\/uploads\/2020\/07\/medya-merkezi-background-1.jpg\",\"contentUrl\":\"https:\/\/profen.com\/wp-content\/uploads\/2020\/07\/medya-merkezi-background-1.jpg\",\"width\":1920,\"height\":500},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/profen.com\/en\/greenorm-gdpr\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Ana sayfa\",\"item\":\"https:\/\/profen.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Profen Life Sciences – GDPR\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/profen.com\/#website\",\"url\":\"https:\/\/profen.com\/\",\"name\":\"Profen Group\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/profen.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Profen Group - Profen Life Sciences - GDPR","description":"GREENORM FOOD AND CONSULTANCY INC. POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA","robots":{"index":"noindex","follow":"nofollow"},"og_locale":"en_US","og_type":"article","og_title":"Profen Group - Profen Life Sciences - GDPR","og_description":"GREENORM FOOD AND CONSULTANCY INC. POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA","og_url":"https:\/\/profen.com\/en\/greenorm-gdpr\/","og_site_name":"Profen Group","article_modified_time":"2026-04-06T10:00:07+00:00","og_image":[{"width":1920,"height":500,"url":"https:\/\/profen.com\/wp-content\/uploads\/2020\/07\/medya-merkezi-background-1.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"28 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/profen.com\/en\/profen-life-sciences-gdpr\/","url":"https:\/\/profen.com\/en\/greenorm-gdpr\/","name":"Profen Group - Profen Life Sciences - GDPR","isPartOf":{"@id":"https:\/\/profen.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/profen.com\/en\/greenorm-gdpr\/#primaryimage"},"image":{"@id":"https:\/\/profen.com\/en\/greenorm-gdpr\/#primaryimage"},"thumbnailUrl":"https:\/\/profen.com\/wp-content\/uploads\/2020\/07\/medya-merkezi-background-1.jpg","datePublished":"2020-09-25T13:43:49+00:00","dateModified":"2026-04-06T10:00:07+00:00","description":"GREENORM FOOD AND CONSULTANCY INC. POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA","breadcrumb":{"@id":"https:\/\/profen.com\/en\/greenorm-gdpr\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/profen.com\/en\/greenorm-gdpr\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/profen.com\/en\/greenorm-gdpr\/#primaryimage","url":"https:\/\/profen.com\/wp-content\/uploads\/2020\/07\/medya-merkezi-background-1.jpg","contentUrl":"https:\/\/profen.com\/wp-content\/uploads\/2020\/07\/medya-merkezi-background-1.jpg","width":1920,"height":500},{"@type":"BreadcrumbList","@id":"https:\/\/profen.com\/en\/greenorm-gdpr\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Ana sayfa","item":"https:\/\/profen.com\/en\/"},{"@type":"ListItem","position":2,"name":"Profen Life Sciences – GDPR"}]},{"@type":"WebSite","@id":"https:\/\/profen.com\/#website","url":"https:\/\/profen.com\/","name":"Profen Group","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/profen.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/profen.com\/en\/wp-json\/wp\/v2\/pages\/4116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/profen.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/profen.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/profen.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/profen.com\/en\/wp-json\/wp\/v2\/comments?post=4116"}],"version-history":[{"count":2,"href":"https:\/\/profen.com\/en\/wp-json\/wp\/v2\/pages\/4116\/revisions"}],"predecessor-version":[{"id":6050,"href":"https:\/\/profen.com\/en\/wp-json\/wp\/v2\/pages\/4116\/revisions\/6050"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/profen.com\/en\/wp-json\/wp\/v2\/media\/1467"}],"wp:attachment":[{"href":"https:\/\/profen.com\/en\/wp-json\/wp\/v2\/media?parent=4116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}