PRIVACY POLICY
This document is registered in our document management system as “IS-POL-002 Personal Data Protection and Privacy Policy” and is classified as a controlled document.
However, as the full text of this policy contains details about our internal processes, technical and administrative measures, infrastructure specifics, and security controls, it is classified as an internal “Confidential” document. Therefore, in accordance with our security procedures, we are unable to share the policy itself directly as an attachment or provide a public link to it.
Our Publicly Available Notices
In line with our legal obligations and our principle of transparency, we do have a publicly accessible “Privacy Notice” on our official website. This document is intended for our external stakeholders, customers, and users. It summarizes the relevant aspects of our internal policy and provides all the legally required information regarding how we process personal data.
You can typically access this notice via a link such as this:
https://oncotech.com.tr/privacy-policy
Information on Our Policy’s Scope
To provide you with assurance, I can confirm that our internal “Personal Data Protection and Privacy Policy” comprehensively covers the following key areas:
Purpose and Scope: The reason for the policy’s existence and which data processing activities it governs.
Definitions: Clarification of key terms as defined in relevant legislation like KVKK and GDPR.
Principles of Data Processing: The core principles we adhere to, such as lawfulness, fairness, transparency, purpose limitation, and data minimization.
Data Subjects’ Rights: Procedures on how data subjects can exercise their rights, including the right to access, rectify, erase (“right to be forgotten”), and object.
Data Security Measures: The technical and administrative measures we implement to protect data (e.g., access control, encryption, penetration testing, logging).
Data Breach Response Process: The steps to be followed in the event of a potential data breach, including notification obligations and responsibilities.
Roles and Responsibilities: The duties and responsibilities of the internal Data Protection Committee and other employees.
Policy Review Cycle: The defined frequency (e.g., annually) at which the policy is reviewed and updated to ensure its continued relevance and effectiveness.
In summary, yes, we have a robust and well-documented privacy policy. The public-facing version of this policy is available on our website, while the detailed internal document itself is not shared externally for security reasons.