Personal Data Protection Notice
VeriFAST – Veritas Clinical Research and Trade Limited Company
1. Data Controller
This Privacy Notice has been prepared by Veritas Clinical Research and Trade Limited Company (“Company”) as the data controller in accordance with applicable data protection legislation, including KVKK and relevant international regulations.
2. Purposes of Processing Personal Data
Personal data are processed for the following purposes:
Operating the VeriFAST system securely and efficiently
User authentication and authorization processes
Ensuring system and information security
Fulfilling legal obligations
Managing risk, audit, and compliance processes
Informing authorized public institutions and authorities
3. Types of Personal Data Processed
The Company may process, but is not limited to, the following categories of personal data:
Identity information
Contact information
User activity and access logs
IP address and system records
Security and authorization data
Sensitive personal data are processed only where legally permitted.
4. Transfer of Personal Data
Personal data may be transferred to:
Authorized public institutions and authorities,
Legal and regulatory bodies,
Technical service providers and infrastructure partners,
in accordance with Articles 8 and 9 of KVKK and applicable regulations.
5. Method and Legal Basis of Data Collection
Personal data are collected through:
VeriFAST web-based systems,
Electronic and digital platforms,
Information systems and logs,
by automatic or partially automatic means.
Legal bases for processing include legal obligation, contractual necessity, legitimate interest, and explicit consent where required.
6. Rights of Data Subjects
Data subjects have the right to:
Learn whether personal data are processed
Request information regarding processed data
Request correction, deletion, or destruction
Object to unlawful processing
Claim compensation in case of damages
in accordance with applicable data protection laws.
7. Contact and Applications
Requests regarding personal data protection may be submitted to the Company in writing or through legally accepted communication channels. Requests will be concluded within statutory time limits.
