Oxyvital Policies

Privacy Policy

The purpose of this Website Privacy Policy (“Privacy Policy”) is to set forth the terms and conditions regarding the processing and transfer of personal data that is shared with or generated by users/visitors/members and other individuals (“User” or “Data Subject”) during their use of the official websites of TESA MEDİKAL SAĞLIK HİZMETLERİ SAN. TİC. LTD. ŞTİ. (“Company”), namely www.tesamedikal.com.tr and www.oxyvital.com.tr (“Website”), in accordance with the Law No. 6698 on the Protection of Personal Data (“Law”).

Personal data is processed by our Company, acting as the data controller, in accordance with the explanations provided below and within the scope of the Law.

a) Processed Personal Data

The personal data processed in connection with the User’s access to the Website and the activities performed on the Website are as follows:

  • Transaction Security Information (e.g. username, IP address)
  • On-site Navigation and Transaction Data

In cases where the relevant forms are filled out:

  • Identity Information
  • Contact Information
  • Request/Complaint Management Information

In addition to the items listed above, other personal data that may be required for the operation of the Website may also be processed in accordance with the Law.

Cookies

Cookies are small text files sent to the User by servers via browsers. Cookies may be used to provide personalized services, improve service quality, enhance page content according to the User, and offer promotional and marketing suggestions by tracking the User’s browsing behavior and usage history on the Website. Accordingly, the Company may store cookies on the User’s device for a predetermined period.

The User may choose to disable cookies or receive alerts by adjusting their browser settings.

b) Method and Legal Basis for Collecting Personal Data

Personal data is collected—either wholly or partially through automated or non-automated means—in electronic environments, via the Website, and is retained for the duration necessary for the intended purposes.

Personal data is processed based on the explicit consent of the User. However, personal data may also be processed without the need for explicit consent if one of the legal grounds set forth in Article 5(2) of the Law applies, including: (i) where it is explicitly stipulated by law, (ii) where the personal data has been made public by the data subject, (iii) where it is necessary for the protection of the life or physical integrity of the data subject or another person who is unable to express consent due to actual impossibility, (iv) where it is necessary for the establishment or performance of a contract to which the data subject is a party, (v) where it is required for the Company to fulfill its legal obligations, (vi) where it is necessary for the establishment, exercise, or protection of a right, (vii) where it is necessary for the legitimate interests of the Company, provided that it does not violate the fundamental rights and freedoms of the data subject.

c) Purposes of Processing Personal Data

The Company may process personal data obtained through the Website for the following purposes, provided that one of the legal grounds specified in Article 5(2) of the Law exists: fulfillment of legal and professional obligations explicitly stipulated by law; accurate planning and execution of our commercial relationships, partnerships, and strategies; ensuring the functionality and security of our information systems and the establishment of necessary databases; improving the services offered on the Website and resolving any system errors; and managing user requests and complaints.

If the User provides explicit consent, personal data may also be processed for the purposes of enhancing the User’s experience with the Company’s products and services (e.g. statistical analysis, profiling, and preference reporting), providing promotional and informational content (e.g. advertisements, announcements, and campaigns), personalizing services according to the User’s requests, needs, and preferences, and planning, developing, and executing corporate communication activities.

d) Transfer of Personal Data

Provided that one of the legal grounds specified in Article 5(2) of the Law is present, personal data may be transferred—limited to the purposes set forth in paragraph 1 of section (c) of this document—to our group companies, affiliates, business partners, and third-party service providers (e.g., in areas such as security, healthcare, occupational safety, legal services, hosting, etc.) engaged to fulfill our contractual or legal obligations, as well as to authorized public institutions and organizations, in accordance with the conditions specified in Articles 8 and 9 of the Law and subject to appropriate security measures.

If the User gives explicit consent, personal data may also be transferred—limited to the purposes specified in paragraph 2 of section (c)—to our group companies, affiliates, and business partners.

e) Data Security

The Company is obliged to take all necessary technical and administrative measures to ensure an appropriate level of security in order to prevent the unlawful processing of personal data, prevent unauthorized access to personal data, and ensure its safe storage.

In cases where the Website contains links to other websites or applications, the Company does not have any knowledge regarding the compliance of such third-party platforms with personal data protection regulations and assumes no responsibility for their privacy policies or content.

For more detailed information on data security, please refer to our Personal Data Protection and Processing Policy.

f) Rights of the Data Subject

In accordance with Article 10 of the Law, the Company informs the Data Subject of their rights, provides guidance on how to exercise these rights, and has implemented the necessary internal procedures as well as administrative and technical arrangements to support this process.

Pursuant to Article 11 of the Law, individuals whose personal data is collected by the Company have the right to:

  • learn whether their personal data is being processed,
  • request information regarding the processing of their personal data, and learn the purpose of the processing and whether it is being used in accordance with that purpose,
  • know the third parties to whom personal data is transferred, whether domestically or abroad,
  • request the correction of personal data if it has been processed incompletely or inaccurately,
  • request the deletion or destruction of personal data within the framework of the conditions set forth in Article 7 of the Law,
  • request notification to third parties to whom the data has been transferred regarding the actions taken in accordance with subparagraphs (d) and (e) of Article 11 (i.e., correction and deletion),
  • object to the occurrence of a result that is to the data subject’s detriment through the exclusive analysis of personal data via automated systems,
  • request compensation for damages suffered as a result of the unlawful processing of personal data.

Requests and applications regarding the enforcement of the Law may be submitted in writing by completing the application form available on the Website and delivering it in person or via notary to the following address: “Başkent OSB Atatürk Bulvarı No: 19 Malıköy, Sincan / Ankara”.

Details regarding requests and applications, as well as the application form itself, can be found under the “Personal Data Protection” section of the Website.

By using the Website, the User declares that they have read and understood all the terms set forth in this Privacy Policy, have been informed about the processing of their personal data, and consent to the processing of such data within the scope and purposes outlined in the Privacy Policy.

The Company reserves the right to amend the provisions of this Privacy Policy at any time without prior notice, due to legal or organizational requirements.