Privacy and Personal Data Protection Policy

Protection of personal data is an important issue for Coronity Health Technologies Industry and Trade Inc. (“CORONITY”). CORONITY adopts the principles regulated by the Law on Personal Data Protection no. 6698 to comply with the procedures required by it and therefore fulfills its obligations regarding personal data processing, deletion, destruction, anonymization and transfer and informing the user about the process and data security. The Privacy and Protection of Personal Data Policy, which has been issued within this scope, is available to the real persons (“Related Person”) whose personal data are processed.

1. The Scope and Purpose of the Privacy and Personal Data Protection Policy

This Privacy and Personal Data Protection Policy explains:

a.  The methods and legal reasons for personal data collection,

b.  To which groups of individuals the personal data being processed belong (Categorization of data by groups of individuals),

c. In which category personal data is processed (Data Categories) and sample data types regarding these groups of individuals,

d. In which business processes and for what purposes this personal data are used,

e. Technical and administrative measures taken to ensure the security of personal data,

f. To whom and for what purpose the personal data can be transferred,

g. The duration of personal data retention,

h. Profiling and Segmentation

i. What rights Individuals have on their personal data and how they can exercise these rights,

j. How individuals can change their positive or negative choices regarding receiving electronic commercial messages,

k. Sharing personal data with public authorities

l. Cookie Usage and Management

a. The Methods and Legal Reasons for Collecting Personal Data

CORONITY collects personal data in audio, electronic or written formats through websites, mobile applications, social media accounts, cookies, notifications from the call center, administrative and judicial authorities, and other communication channels based on legal reasons specified in the 5th article of the Personal Data Protection Law No. 6698, such as:

  • clear prescription by law,
  • the obligation to process personal data belonging to the parties of a contract provided that it is directly related to the fulfillment or execution of the contract,
  • being made public by the individual themselves,
  • the necessity for the individual in charge of data to process it for their legitimate interests provided that it does not violate the fundamental rights and freedom of the related person,
  • the obligation to process data to establish, exercise, or protect a right.

b. Categorizing Data into Groups of Individuals

CORONITY categorizes the groups of individuals whose personal data it processes as follows. In addition, personal data of other groups of individuals (consultants, educators, bloggers) can be processed in accordance with the personal data processing conditions specified in articles 5 and 6 of the Law on PPD and in line with the legal reasons specified in this Privacy/Protection of Personal Data Policy.

c. Data Categories and Sample Data Types

1. Online Customer Data

a) Member Customer

  • Identity Information: Name, surname, date of birth, gender, TR ID number
  • Location Information: The city and district (delivery address of the shopping made at www.coronity.com)
  • Contact Information: mobile phone, e-mail address, address, postal code, phone
  • Financial Information: Tax office, billing information
  • Customer/Member Information: Membership information, membership ID number
  • Customer / Member Transaction Information: Product(s) purchased, shopping amount, shopping date, call center interview records, commercial communication consent, campaigns/competitions participated in, coupons used, order information
  • Risk Management Information: IP address
  • Transaction Security Information: Password, password information
  • Marketing Information: Cookie records, targeting information, assessments showing habits and likes
  • Audio Data: Call center interview recordings
  • Legal Transaction and Compliance Information: The starting and ending date of the service provided, the type of the service used, the amount of data transferred, the commercial electronic message consent given by the related person at electronic platforms, the membership agreement that the person has approved, the corporate membership agreement, other legal texts and contracts that enable the use of the services offered by CORONITY
  • Marketing Information: SMSs, e-mail messages or calls made by the call center for marketing purposes based on the commercial electronic message consent given by the related person
  • Information on Demand/Complaint Management / Reputation Management: Records regarding the complaints and/or requests submitted by the related person through the website, mobile application, social media accounts or call center related to the product or service purchased and the operations realized during the evaluation or management of these requests
  • Health Information: The information obtained from the product(s) purchased by the person concerned, based on the person’s health data (respiration rate, body temperature, etc.) and the chronic diseases, the operations and hereditary diseases, drugs and supplements reported by the person through the website and mobile applications
  • Product Usage Information: Usage duration, usage starting and ending times, usage locations, sterilization times and durations from the product(s) purchased by the related person
  • Product Information: The unique ID number of the product(s) purchased by the related person (UID, MAC Address)

b) Guest Customer (users who shop without membership)

  • Identity Information: Name, surname, date of birth, gender, TR ID number
  • Location Information: The city and district (delivery address of the shopping made at www.coronity.com)
  • Contact Information: mobile phone, e-mail address, address, postal code, phone
  • Financial Information: Tax office, billing information
  • Guest Customer Transaction Information: Product(s) purchased, shopping amount, shopping date, call center interview records, commercial communication consent, benefited campaigns, order information
  • Risk Management Information: IP address
  • Transaction Security Information: Password, password information
  • Marketing Information: Cookie records, targeting information, assessments showing habits and likes
  • Audio Data: Call center interview recordings
  • Legal Transaction and Compliance Information: The starting and ending time of the service provided, the type of service used, the amount of data transferred, the commercial electronic message consent given by the related person at electronic platforms, other legal texts and contracts that enable the use of the services offered by CORONITY.
  • Marketing Information: SMSs, e-mail messages or calls made by the call center for marketing purposes based on the commercial electronic message consent given by the related person
  • Information on Demand/Complaint Management / Reputation Management: Records regarding the complaints and/or requests submitted by the related person through the website, mobile application, social media accounts or call center related to the product or service purchased and the operations realized during the evaluation or management of these requests
  • Health Information: The information obtained from the product(s) purchased by the person concerned, based on the person’s health data (respiration rate, body temperature, etc.) and the chronic diseases, the operations and hereditary diseases, drugs and supplements reported by the person through the website and mobile applications
  • Product Usage Information: Usage duration, usage starting and ending times, usage locations, sterilization times and durations from the product(s) purchased by the related person
  • Product Information: The unique ID number of the product(s) purchased by the related person (UID, MAC Address)

2. Online Visitor

  • Transaction Security Information: Password, mobile phone, password information
  • Legal Transaction Information/Risk Management Information: IP address
  • Legal Transaction and Compliance Information: The starting and ending time of the service provided, the type of service utilized, the amount of data transferred.

3. The Person To Whom The Purchased Product Will Be Delivered

  • Identity Information: Name, surname, date of birth, gender, TR ID number
  • Location Information: The city and district (delivery address of the shopping made at www.coronity.com)
  • Contact Information: mobile phone, e-mail address, address, post code, phone
  • Financial Information: Tax office, billing information

4. The Personal Data of Vendor/Supplier/Vendor Candidate/Vendor or Supplier Employee or Authority

  • Contact Information: E-mail address, Name, phone, REM address, address, mobile phone
  • Financial Information: Account number, tax administration, Tax identification number, tax plate, IBAN
  • Legal Action and Compliance Information: Signature circular, activity certificate
  • Special Qualified Personal Data / Legal Transaction Information: Signature
  • Visual Information: Photograph

d. In Which Business Processes and for What Purposes Is Personal Data Used?

1. The Personal Data of the Online Customer

a) The Personal Data of the Member Customer

  • To carry out membership transactions,
  • To improve the services offered on the e-commerce platform “www.coronity.com” (“platform”) operated by CORONITY; to develop new services and to inform the public about them,
  • To analyze the preferences, likes and needs of the Member Customer with commercial electronic message consent and to provide special promotion, opportunities and benefits to the Member Customer to fulfill the Membership Agreement established with the Member Customer,
  • To promote and market applications, goods/products and services based on the preferences and likes of the Member Customer by carrying out remarketing, targeting, profiling and analysis in line with the express consent of the Member Customer,
  • To make suggestions and warnings to the Member Customer to help him/her lead a healthier life by analyzing health data and to promote and market applications, goods / products and services through profiling and mass data analysis based on the needs of the Member Customer in line with the express consent of the Member customer,
  • To resolve the problems and complaints of the Member Customer,
  • To improve the experience of the Member Customer on both platform and mobile application,
  • To keep track of accounting and purchasing transactions,
  • To monitor compliance with legal processes and legislation,
  • To answer information requests from administrative and judicial authorities,
  • To provide information and transaction security and to prevent malicious use,
  • To make necessary arrangements to ensure that the processed data is up-to-date and correct.

b) Guest Customer (users who shop on the site without being a member) Personal Data

  • To be able to do shopping as “guest” on the platforms,
  • To improve the services offered on the platforms and to develop new services and to inform the public about them,
  • To analyze the preferences, likes and needs of the Guest Customer with commercial electronic message consent and to offer special promotion, opportunities and benefits to the Guest Customer,
  • To promote and market applications, goods/products and services based on the preferences and likes of the Guest Customer by carrying out remarketing, targeting, profiling and analysis in line with the express consent of the Guest Customer,
  • To make suggestions and warnings to the Guest Customer to help him/her lead a healthier life by analyzing health data and to promote and market applications, goods / products and services through profiling and mass data analysis based on the needs of the Guest Customer in line with the express consent of the Guest Customer,
  • To resolve the problems and complaints of the Guest Customer,
  • To improve the experience of the Guest Customer on both platform and mobile application,
  • To keep track of accounting and purchasing transactions,
  • To monitor compliance with legal processes and legislation,
  • To answer information requests from administrative and judicial authorities,
  • To provide information and transaction security and to prevent malicious use,
  • To make necessary arrangements to ensure that the processed data is up-to-date and correct,
  • To fulfill legal obligations.

2. The Personal Data of the Online Visitor

  • To process the data of the online visitor in accordance with the Law No. 5651,
  • To monitor compliance with legal processes and legislation,
  • To answer information requests from administrative and judicial authorities,
  • To provide information and transaction security and to prevent malicious use,
  • To fulfill legal obligations.

3. The Personal Data of the Person to whom the Purchased Product will be Delivered

  • To carry out product delivery processes,
  • To keep track of accounting and purchasing transactions,
  • To monitor compliance with legal processes and legislation,
  • To answer information requests from administrative and judicial authorities,
  • To provide information and transaction security and to prevent malicious use,
  • To make necessary arrangements to ensure that the processed data is up-to-date and correct,
  • To fulfill legal obligations.

4. The Personal Data of Vendor/Supplier/Vendor Candidate/Vendor or Supplier Employee or Authority

  • Execution of contract processes,
  • Monitoring accounting and purchasing transactions,
  • Compliance with legal processes and legislation,
  • Responding to information requests from administrative and judicial authorities,
  • Providing information and transaction security and preventing malicious use
  • Making necessary arrangements to ensure that the processed data is up-to-date and correct
  • Fulfilling legal obligations

e. The Technical and Administrative Measures Taken to Secure the Personal Data

CORONITY is committed to taking all necessary technical and administrative measures and taking due care to ensure the confidentiality, integrity and security of your personal data.

CORONITY takes the necessary precautions to prevent unauthorized access, misuse of personal data, illegal processing, disclosure, alteration or destruction of personal data. CORONITY uses widely-accepted security technology standards such as firewalls and Secure Sockets Layer (SSL) encryption when processing personal data. In addition, personal data that you send to CORONITY via the website, mobile application and mobile site is transmitted using SSL.

To prevent unlawful access to and illegal processing of the personal data and to protect it, CORONITY:

  • protects all areas on the website or mobile application where personal data are taken with SSL,
  • creates and implements access authorization and control matrices for its employees so that the personal data collected from the website or mobile application is not illegally processed,
  • performs periodic penetration tests and tests the system’s resistance to unauthorized access to prevent unlawful access to personal data,
  • uses the Pseudonymization (alias data) method to process the secondary data which does not serve the primary processing purpose,
  • uses encryption methods in systems where pseudonymous data is located and applies a stricter access authorization and control policy to it so that the related individual cannot be identified,
  • ensures that the personal data in hard copy is kept in lockers and is accessible only by authorized people,
  • deletes the personal data processed via the cookies of third parties which provide services from the systems of those third parties when the membership ends.

Although CORONITY takes the necessary information security measures, if the personal data is damaged or captured by unauthorized third parties as a result of attacks on the platforms operated by CORONITY or the CORONITY system, CORONITY immediately notifies you and the Board of Personal Data Protection and takes necessary measures.

f. To Whom And For What Purpose The Personal Data Can Be Transferred

CORONITY transfers personal data to third parties only for the purposes specified in this Privacy and Personal Data Protection Policy and in accordance with articles 8 and 9 of the Law on PPD. The data belonging to Member Customer/Guest Customer and the information of the person who will receive the delivery of the purchased product are shared with the vendor and the shipping company and they can also be accessed by the call center when necessary. The personal information used to issue the invoice is shared with the shipping company to send it to the related person.

The mobile phone number and/or e-mail address of the Member Customer/Guest Customer is shared with the commercial electronic messaging service provider in order to promote, advertise, offer benefits and opportunities in line with shopping preferences, tastes and habits depending on commercial electronic message approval.

The website or mobile application usage preferences and browsing history are shared with our local/foreign business partners that provide the cookie service in order to make segmentation and contact the Member Customer/Guest Customer in line with their tastes and preferences. The personal data transfers within this scope are carried out through the secure environment and channels provided by the relevant third party. Depending on the content and scope of the service received from third parties, pseudonymous data is transferred in all cases where the transfer of the personal data of the Member Customer/Guest Customer is not required.

In order to increase the satisfaction and loyalty of the Member Customer/Guest Customer, the data of the Member Customer/Guest Customer are shared with the companies that will conduct market research.

Within the scope of reporting, statistical analysis, research and development activities and product development activities, the data of Member Customer/Guest Customer is shared with CORONITY’s business partners, health institutions, ministries, universities, pharmaceutical companies and insurance companies.

Your personal data will be shared with our business partners abroad in order to provide business development services, obtain statistical and technical services and conduct customer relations.

If the Member Customer/Guest Customer/Online Visitor reaches CORONITY via the corporate Whatsapp line, they send their personal data abroad since the Whatsapp platform is a service located abroad. If the Member Customer/Guest Customer/Online Visitor does not want to send their personal data abroad via Whatsapp, they will be able to use the other communication opportunities provided by CORONITY.

Considering that the other party of the legal relationship is the data controller or data processor, the personal data subject to the domestic and international transfers mentioned above is also protected legally by the terms of our contracts, which are compliant with the Law on PPD, in addition to the technical measures taken to ensure its safety.

As stated above, when personal data is transferred to countries outside of Turkey, the data transfer is carried out in accordance with this policy and in compliance with the law and data security.

g. Personal Data Retention Duration

CORONITY stores the personal data it processes in accordance with the Law on PPD for the periods specified in the related legislation or required by the processing purpose. In our Personal Data Retention and Destruction Policy, these periods are approximately as follows:

  • Call Center voice recordings: 3 years (Law No. 6563 and related secondary legislation)
  • Records regarding membership and order: 10 years (Law No. 6098)
  • All records related to accounting and financial transactions: 10 years (Law No. 6102, Law No. 213)
  • Cookies: Maximum 540 days
  • Commercial e-mail confirmation records: 1 year from the date of confirmation (Law No. 6563 and related secondary legislation)
  • Traffic information for online visitors: 2 years (Law No. 5651)
  • Information and/or CVs received due to job applications: 1 year
  • Personal data about Member Customer/Guest Customer: 10 years after the legal relationship ends; 3 years under Law No. 6563 and related secondary legislation (Law No. 6563, Law No. 6102, Law No. 6098, Law No. 213, Law No. 6502)
  • Personal data about suppliers: 10 years after the legal relationship ends (Law No. 6102, Law No. 6098 and Law No. 213)
  • Personal data collected for usability testing research: 2 weeks

You can review our Cookie Policy about the retention durations of the personal data we obtain through cookies.

h. Profiling and Segmentation

Using the personal data that is processed in relation to the Member Customer/Guest Customer, CORONITY

a. makes use of profiling and segmentation in order to prepare content more suitable for the likes and preferences of the Member Customer/Guest Customer, and to present advertisements, promotions and discounts, if the Member Customer/Guest Customer gives consent to receive commercial electronic messages,

b. by making use of profiling and segmentation about the Member Customer/Guest Customer who has not given commercial electronic message consent:

   i. improves products (identifies best sellers or unpopular product categories),

   ii. organizes campaigns for customer groups that have the potential to buy a particular product and uploads them to the system by modeling and analyzing shopping preferences,

   iii. takes actions to increase sales potential.

Within the scope of profiling and segmentation processes, the personal data of the Member Customer/Guest Customer, especially name and surname, mobile phone, e-mail or address information, are not used directly. Instead, operations are carried out with the Member Customer/Guest Customer IDs assigned to them. The personal data of the Customer/Member is protected by using the data with Member Customer/Guest Customer IDs, in other words under pseudonyms. Member Customer/Guest Customer IDs are accessible only to the relevant people or departments within CORONITY. These IDs assigned to the Member Customers/Guest Customers are kept encrypted in the system by CORONITY and only a limited number of people can access this section.

i. What are the Rights of the Individuals on their Personal Data and How They Can Use These Rights

In accordance with article 11 of the Law on PPD, the individuals whose personal data are processed by CORONITY have the rights listed below:

  • Learning whether their personal data is processed,
  • Requesting information about it if personal data is processed,
  • Learning the purpose of personal data processing and whether they are used in line with its purpose,
  • Knowing the third parties to whom personal data are transferred domestically or internationally,
  • Requesting correction of personal data if it is incomplete or incorrectly processed,
  • Requesting deletion or destruction of personal data within the conditions specified in the article 7 of the Law on PPD,
  • Requesting notification to third parties to whom personal data are transferred about operations realized in accordance with clauses (d) and (e),
  • Objecting to a result of the automated analysis of the processed data which is against the interest of the person,
  • Requesting recovery of the damage stemming from unlawful processing of the personal data.

In order to exercise your rights on your personal data, you can access your account from the “My Account” section of CORONITY website, mobile application and mobile site and make necessary changes, updates and/or deletions. In addition, you can make your application and use your rights by using the methods specified in the “Application Form” issued in accordance with the article 13 of the Law on PPD on the website or mobile application of electronic commerce platforms operated by CORONITY.

j. How People Can Change Their Positive or Negative Choices About Receiving Electronic Commercial Messages

You can change or update your positive or negative choice regarding receiving commercial electronic messages that you have made when you subscribe to the website or mobile application of e-commerce platforms operated by CORONITY by accessing the section “My account”.

Terminating the membership does not mean the withdrawal of your consent to receive commercial electronic messages. Therefore, make sure that you have also completed all the procedures to withdraw your consent.

You can follow the steps outlined in our Cookie Policy about cookie management.

k. Personal Data Sharing with Official Authorities

CORONITY can share your traffic information, such as browsing information, and your personal data about your visit or membership to e-commerce platforms and mobile applications operated by CORONITY with public institutions and organizations legally authorized to request this information (in cases where CORONITY has the legal or administrative obligation to provide information, including but not limited to combating crime, threats against the state and public safety, etc.) in order to fulfill its obligation under the law.

l. Cookie Usage and Management

You can review our Cookie Policy for more detailed information about cookies, cookie types, their purposes, storage times and cookie management used by CORONITY.

2. Conditions for Deleting, Destroying and Anonymizing Personal Data

CORONITY stores the personal data it processes through its website, mobile application or mobile site for the duration which is stipulated by the relevant laws and/or required by the purpose of processing in accordance with articles 7 and 17 of the Law on PPD and the article 138 of the Turkish Penal Code. At the end of this duration, it will delete, destroy or anonymize the personal data under the provisions of the Regulation on Deletion, Destruction or Anonymization of Personal Data.

The deletion of personal data by CORONITY refers to the process of making personal data inaccessible and unusable for the users concerned. To this end, CORONITY creates and implements a user-level access authorization and control matrix. It takes necessary measures to carry out the deletion process in the database.

The destruction of personal data by CORONITY refers to the process of making personal data inaccessible, unrecoverable and unusable by anyone.

The anonymization of personal data by CORONITY refers to the process of disassociating personal data from an identified or identifiable real person even if it is matched with other data.

CORONITY describes the methods for deleting, destroying and anonymizing the personal data and the technical and administrative measures it takes in detail within the scope of the Personal Data Retention and Destruction Policy prepared pursuant to the Regulation on the Deletion, Destruction or Anonymization of Personal Data. The duration for the periodic destruction stipulated by the Regulation is determined as 6 months in this Policy.

3. Amendments to the Privacy/Personal Data Protection Policy

CORONITY can make changes to this Privacy/Personal Data Protection Policy at any time. These changes take effect immediately with the release of the new, modified Privacy/Personal Data Protection Policy. Our members will be informed about the changes in this Privacy/Personal Data Protection Policy.