Türkiye United States France
Türkiye United States France

General Illumination Text

COVALENT LABS İLAÇ VE KOZMETİK ANONİM ŞİRKETİ

GENERAL PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA

VERSION: 1.0 Effective Date: 18 / 12 / 2025

a. Data Controller

In accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679 — "GDPR") and applicable national data protection laws, your personal data are processed by Covalent Labs İlaç ve Kozmetik Anonim Şirketi ("Company") in its capacity as data controller.

b. Purposes of Processing Personal Data

Your personal data are processed for the purposes of: conducting candidate/trainee/student selection and placement processes; carrying out applicant recruitment procedures; planning human resources processes; conducting and auditing business operations; carrying out communication activities; performing reference checks; fulfilling employment contract and statutory obligations relating to employees; ensuring lawful conduct of operations; managing employee fringe benefits and welfare processes; administering contract processes; implementing business continuity measures; creating and maintaining employee personnel files; conducting occupational health and safety activities; executing employee salary payments and payroll operations; performing finance and accounting activities; providing information to authorised persons, public institutions and organisations as required; managing assignment procedures; carrying out performance appraisal processes; administering employee leave; managing legal matters and proceedings; implementing information security and access control processes; conducting audit/ethics activities; providing training activities; conducting internal audits, investigations and intelligence activities where lawful and necessary; ensuring the security of data controller operations; executing procurement and supply-chain management processes, including supplier reconciliations; managing production and operations for goods/services; conducting sales and after-sales support; executing invoicing and tax compliance activities; operating customer relationship management and customer satisfaction activities; executing advertising, campaign and promotion processes; tracking requests and complaints; registering website memberships; conducting marketing activities for products/services; providing skin analysis services and delivering diagnostic/information related to analysis results; preparing personalised skin care recommendations and monitoring skin progress; customising products or services for individuals; and carrying out corporate governance and management activities — all limited to the personal data necessary for the relevant purposes.

c. Methods of Collection and Legal Bases for Processing

The Company collects the above personal data by means including, but not limited to, documentation, information systems, e-mail, face-to-face interviews, CCTV and audio recordings.

  • Processing is based on one or more of the following legal bases under the GDPR, as applicable to each processing operation:
  • the data subject's explicit consent (Article 6(1)(a) GDPR), where consent is required and has been obtained;
  • necessity for the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR);
  • compliance with a legal obligation incumbent on the controller (Article 6(1)(c) GDPR);
  • necessity for the purposes of the legitimate interests pursued by the controller or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject (Article 6(1)(f) GDPR); and
  • where special categories of personal data (sensitive data) are involved, processing only where one of the conditions set out in Article 9 GDPR applies (for example, explicit consent under Article 9(2)(a) or other permitted grounds).
  • Processing is performed in accordance with the principle of proportionality and with appropriate organisational and technical safeguards to protect data subjects' rights and freedoms.

d. Recipients and Purposes of Transfers

Your personal data may be disclosed to and processed by third parties strictly to the extent necessary for the purposes specified above. Recipients may include authorised persons within the Company, public authorities and institutions, business partners, service providers and contractors acting as processors or joint controllers (such as banks, tax and social-security authorities, payroll and accounting service providers, legal advisors, auditors, cloud and artificial-intelligence service providers, e-invoicing and ERP providers, trade registry and notary services, and courts or administrative bodies), and other entities where disclosure is required by law or necessary for the performance of contracts or the protection of the Company's legitimate interests. Transfers are limited to the personal data necessary for each purpose and are carried out with due regard to applicable data protection safeguards and contractual protections.

e. Rights of the Data Subject under the GDPR

You may exercise the rights afforded to data subjects under the GDPR (including, where applicable, the rights of access, rectification, erasure, restriction of processing, objection, data portability and the right not to be subject to automated decision-making) by submitting a request in accordance with Articles 15–22 and related provisions of the GDPR.

Requests may be submitted after completing the request form available on our website by one of the following means:

  • Delivered in person with wet signature or sent to our postal address via notarised mail,
  • Submitted electronically by using registered electronic mail methods accepted under applicable law, a qualified electronic signature, a mobile signature, or an e-mail address previously notified to and registered with the Company.

Postal address:

KEP address:

E-mail address: info@covalentlabs.com.tr

For more detailed information, please consult the Company's "Personal Data Protection and Processing Policy."