Personal Data Protection
and Processing Policy
CHAPTER 1 - INTRODUCTION
1.1 Introduction
Protection of personal data is among the most important priorities of ROXALL MEDICINE İLAÇ İTHALALAT İHRACAT SANAYİ VE TİCARET LTD. ŞTİ ("ROXALL" or "Company") and makes maximum efforts to comply with all applicable legislation in this regard. Within the framework of this Company Personal Data Protection and Processing Policy ("Policy"), the principles adopted in the conduct of personal data processing activities carried out by our Company and the basic principles adopted in terms of compliance of our Company's data processing activities with the regulations contained in the Personal Data Protection Law No. 6698 ("Law") are explained and thus our Company provides the necessary transparency by informing the personal data owners. With full awareness of our responsibility within this scope, your personal data is processed and protected within the scope of this Policy.
1.2 Scope
This Policy relates to all personal data of persons, including employees of our Company, processed in whole or in part by automatic means or by non-automatic means, provided that they are part of any data recording system.
1.3 Implementation of the Policy and Related Legislation
The relevant legal regulations in force regarding the processing and protection of personal data will primarily apply. In case of incompatibility between the legislation in force and the Policy, our Company accepts that the legislation in force will be applied. The Policy regulates the rules set forth by the relevant legislation by concretizing them within the scope of Company practices.
1.4 Enforcement of the Policy
The effective year of this Policy is 2022.
This Policy is published on the Company's website [https://www.roxall.com.tr*] and made available to the relevant persons upon the request of personal data owners.
SECTION 2 - ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA
2.1. Ensuring the Security of Personal Data
In accordance with Article 12 of the Law, our Company takes the necessary measures according to the nature of the data to be protected in order to prevent unlawful disclosure, access, transfer or other security deficiencies that may occur in other ways. In this context, our Company takes administrative measures to ensure the necessary level of security in accordance with the guidelines published by the Personal Data Protection Board ("Board"), conducts audits or has them conducted.
2.2. Protection of Special Categories of Personal Data
The Law attaches special importance to certain personal data due to the risk of causing victimization or discrimination when processed unlawfully. These data are; race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
The Company acts sensitively in the protection of personal data of special nature, which is determined as "special quality" by the Law and processed in accordance with the law. In this context, technical and administrative measures taken by the Company for the protection of personal data are carefully implemented in terms of special categories of personal data and necessary audits are provided within the Company.
Detailed information on the processing of special categories of personal data is provided in section 3.3. ("Processing of Special Categories of Personal Data") of this Policy.
2.3. Awareness Raising and Audit of Business Units on Protection and Processing of Personal Data
The Company ensures that the necessary trainings are organized for the business units in order to raise awareness to prevent unlawful processing of personal data, unlawful access to personal data and to ensure the protection of personal data.
Necessary systems are established to raise the awareness of the Company employees on the protection of personal data, and the Company works with consultants if needed on the subject. In this direction, our Company evaluates the participation in relevant trainings, seminars and information sessions and updates and renews its trainings in parallel with the updating of the relevant legislation.
SECTION 3 - ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA
3.1. Processing of Personal Data in Compliance with the Principles Stipulated in the Legislation
3.1.1. Processing in accordance with the Law and Good Faith
The Company acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. Within this framework, personal data are processed to the extent and limited to the extent required by the business activities of our Company.
3.1.2. Ensuring that Personal Data is Accurate and Up-to-Date When Necessary
The Company takes the necessary measures to ensure that personal data is accurate and up-to-date throughout the period of processing and establishes the necessary mechanisms to ensure the accuracy and currency of personal data for certain periods of time.
3.1.3. Processing for Specific, Explicit and Legitimate Purposes
The Company clearly sets out the purposes of processing personal data and processes it within the scope of purposes related to these activities in line with its business activities.
3.1.4. Being relevant, limited and proportionate to the purpose for which they are processed
The Company collects personal data only to the extent and quality required by its business activities and processes it limited to the specified purposes.
3.1.5. Storage for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed
The Company retains personal data for the period required for the purpose for which they are processed and for the minimum period stipulated in the legal legislation to which the relevant activity is subject. In this context, our Company first determines whether a period of time is stipulated for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period. If there is no legal period, personal data are stored for the period required for the purpose for which they are processed. Personal data are destroyed at the end of the specified storage periods in accordance with the periodic destruction periods or the data owner's application and with the specified destruction methods (deletion and/or destruction and/or anonymization).
3.2. Terms of Processing Personal Data
Except for the explicit consent of the personal data owner, the basis of the personal data processing activity may be only one of the following conditions, or more than one condition may be the basis of the same personal data processing activity. In the event that the processed data is personal data of special nature, the conditions set out in section 3.3 of this Policy ("Processing of Personal Data of Special Nature") shall apply.
i. Explicit Consent of the Personal Data Owner
One of the conditions for processing personal data is the explicit consent of the data owner. The explicit consent of the personal data owner must be related to a specific subject, based on information and free will.
In the presence of the following personal data processing conditions, personal data can be processed without the explicit consent of the data owner.
ii. Explicitly Stipulated in the Laws
If the personal data of the data owner is explicitly stipulated in the law, in other words, if there is a clear provision in the relevant law regarding the processing of personal data, it can be said that this data processing condition exists.
iii. Failure to Obtain the Explicit Consent of the Data Subject Due to Actual Impossibility
The personal data of the data subject may be processed if it is mandatory to process the personal data of the person who is unable to disclose his/her consent due to actual impossibility or whose consent cannot be recognized as valid, in order to protect the life or physical integrity of himself/herself or another person.
iv. Direct Relevance to the Establishment or Performance of the Contract
Provided that it is directly related to the establishment or performance of a contract to which the data subject is a party, this condition may be deemed to be fulfilled if the processing of personal data is necessary.
v. Fulfillment of the Company's Legal Obligation
The personal data of the data subject may be processed if processing is mandatory for our company to fulfill its legal obligations.
vi. Publicization of Personal Data by the Personal Data Owner
If the data owner has made his/her personal data public, the relevant personal data may be processed limited to the purpose of publicization.
vii. Data Processing is Mandatory for the Establishment or Protection of a Right
If data processing is mandatory for the establishment, exercise or protection of a right, the personal data of the data subject may be processed.
viii. Data Processing is Mandatory for the Legitimate Interest of our Company
Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is mandatory for the legitimate interests of our Company.
3.3. Processing of Special Categories of Personal Data
Sensitive personal data are processed by our Company in accordance with the principles set out in this Policy and by taking all necessary administrative and technical measures, including the methods to be determined by the Board, and in the presence of the following conditions:
(i) Sensitive personal data other than health and sexual life may be processed without seeking the explicit consent of the data subject if it is expressly stipulated in the law, in other words, if there is a clear provision regarding the processing of personal data in the law to which the relevant activity is subject. Otherwise, the explicit consent of the data subject shall be obtained for the processing of such special categories of personal data.
(ii) Special categories of personal data relating to health and sexual life may be processed without seeking explicit consent by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. Otherwise, the explicit consent of the data subject shall be obtained for the processing of such special categories of personal data.
3.4. Informing the Personal Data Owner
The Company enlightens personal data subjects in accordance with Article 10 of the Law and secondary legislation. In this context, the Company informs the data subjects about the purposes for which personal data is processed by the Company as the data controller, the purposes for which it is shared with whom, the methods by which it is collected and the legal reason and the rights of the data subjects within the scope of the processing of their personal data.
3.5. Processing of Data Processed by Group Companies by the Company
Personal data processed by the Company may also be processed by the Company in order to carry out the activities of the Company in accordance with the principles, objectives and strategies of the group companies and to protect the rights and interests of the Company and its reputation. In the event that personal data sharing between the Company and other group companies takes place within the scope of personal data transfer from the data controller to the data controller within the scope of the Law, the relevant group company informs the relevant person that personal data may be sent to the Company during the personal data collection phase.
3.6. Transfer of Personal Data
Our Company may transfer the personal data and sensitive personal data of the personal data owner to third parties (third party companies, public and private authorities, group companies, third real persons) by taking the necessary security measures in line with the lawful personal data processing purposes. In this respect, our Company acts in accordance with the regulations stipulated in Article 8 of the Law. Detailed information on this subject can be accessed from the document of this Policy ("- Third Parties to whom Personal Data is Transferred by our Company and Purposes of Transfer").
3.6.1 Transfer of Personal Data
Even without the explicit consent of the personal data owner, personal data may be transferred to third parties by taking all necessary security measures, including the methods stipulated by the Board, with due care by our Company if one or more of the following conditions exist.
- The relevant activities regarding the transfer of personal data are clearly stipulated in the laws,
- The transfer of personal data by the Company is directly related and necessary for the establishment or performance of a contract,
- The transfer of personal data is mandatory for our Company to fulfill its legal obligation,
- Transfer of personal data by our Company limited to the purpose of publicization, provided that the personal data has been made public by the data owner,
- The transfer of personal data by the Company is mandatory for the establishment, use or protection of the rights of the Company or the data owner or third parties,
- It is mandatory to carry out personal data transfer activities for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data owner,
- It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid.
In addition to the above, personal data may be transferred to foreign countries declared by the Board to have adequate protection ("Foreign Country with Adequate Protection") in the presence of any of the above conditions. In the absence of adequate protection, in accordance with the data transfer conditions stipulated in the legislation, personal data may be transferred to foreign countries where the data controllers in Turkey and the relevant foreign country undertake adequate protection in writing and where the Board has permission ("Foreign Country Where the Data Controller Undertakes Adequate Protection").
3.6.2 Transfer of Sensitive Personal Data
Sensitive personal data may be transferred by our Company in accordance with the principles set forth in this Policy and by taking all necessary administrative and technical measures, including the methods to be determined by the Board, and in the presence of the following conditions:
(i) Sensitive personal data other than health and sexual life may be processed without seeking the explicit consent of the data owner if it is expressly stipulated in the law, in other words, if there is a clear provision regarding the processing of personal data in the relevant law. Otherwise, the explicit consent of the data subject shall be obtained.
(ii) Sensitive personal data relating to health and sexual life may be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without seeking explicit consent. Otherwise, the explicit consent of the data subject shall be obtained. In addition to the above, personal data may be transferred to Foreign Countries with Adequate Protection in the presence of any of the above conditions. In the absence of adequate protection, personal data may be transferred to Foreign Countries where there is a Data Controller Committed to Adequate Protection in line with the data transfer conditions stipulated in the legislation.
SECTION 4 - CATEGORIZATION OF PERSONAL DATA PROCESSED BY OUR COMPANY AND PURPOSES OF PROCESSING
In accordance with Article 10 of the Law and secondary legislation, personal data are processed by our Company by informing the relevant persons in accordance with Article 10 of the Law and secondary legislation, in line with the personal data processing purposes of our Company, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, in accordance with the general principles specified in the Law, especially the principles specified in Article 4 of the Law regarding the processing of personal data. Detailed information on the purposes of processing such personal data is provided in the annex of the Policy ("Personal Data Processing Purposes").
SECTION 5 - STORAGE AND DESTRUCTION OF PERSONAL DATA
Our Company retains personal data for the period required for the purpose for which they are processed and in accordance with the minimum periods stipulated in the legal legislation to which the relevant activity is subject. In this context, our Company first determines whether a period of time is stipulated for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period. If there is no legal period, personal data are stored for the period required for the purpose for which they are processed. Personal data are destroyed at the end of the specified storage periods in accordance with the periodic destruction periods or the data owner's application and with the specified destruction methods (deletion and/or destruction and/or anonymization).
SECTION 6 - RIGHTS OF PERSONAL DATA SUBJECTS AND EXERCISE OF THESE RIGHTS
6.1. Rights of the Personal Data Owner
Personal data subjects have the following rights:
(1) To learn whether personal data is processed,
(2) To request information if personal data has been processed,
(3) To learn the purpose of processing personal data and whether it is used in accordance with its purpose,
(4) To know the third parties to whom personal data is transferred domestically or abroad,
(5) To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
(6) Although it has been processed in accordance with the provisions of the Law and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
(7) To object to the occurrence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems,
(8) To request compensation for the damage in case of damage due to unlawful processing of personal data.
6.2. Exercise of Rights by the Personal Data Owner
Personal data owners will be able to submit their requests regarding their rights listed in section 6.1. ("Rights of the Personal Data Owner") to our Company by the methods determined by the Board. In this direction, they can benefit from the "Data Owner Application Form" available at https://www.roxall.com.tr.
6.3. Our Company's Response to Applications
Our Company takes the necessary administrative and technical measures to finalize the applications to be made by the personal data owner in accordance with the Law and secondary legislation. In the event that the personal data owner duly submits his/her request regarding the rights set out in section 6.1. ("Rights of the Personal Data Owner") to our Company, our Company will finalize the relevant request free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, a fee may be charged in accordance with the tariff determined by the Board.
SECTION 7 - SPECIAL CASES WHERE PERSONAL DATA ARE PROCESSED
7.1. Building, Facility Entrances and Personal Data Processing Activities Conducted within the Building Facility and Website Visitors
In order to ensure security, the Company carries out personal data processing activities for the monitoring of guest entrances and exits with security cameras in Company buildings and facilities.
7.2. Camera Surveillance Activities Conducted at the Entrances and Inside the Company's Buildings and Facilities
The Company carries out camera surveillance activities in accordance with the Law on Private Security Services and the relevant legislation in order to ensure security in its buildings and facilities. The Company carries out security camera surveillance activities in order to ensure security in its buildings and facilities, for the purposes stipulated in the relevant legislation in force and in accordance with the personal data processing conditions listed in the Law.
In accordance with Article 10 of the Law, the personal data owner is informed by the Company by more than one method regarding the camera surveillance activity. In addition, in accordance with Article 4 of the Law, the Company processes personal data in a limited and measured manner in connection with the purpose for which they are processed.
The purpose of the Company's video camera monitoring activity is limited to the purposes listed in this Policy. Accordingly, the monitoring areas, the number and the time of monitoring of the security cameras are sufficient to achieve the security purpose and are limited to this purpose. Areas that may result in interference with the privacy of the person in a way that exceeds the security purposes (for example, toilets) are not subject to monitoring.
Only a limited number of Company employees have access to the records recorded and stored in digital media with live camera images. The limited number of people who have access to the records declare that they will protect the confidentiality of the data they access with a confidentiality undertaking.
7.3. Monitoring of Guest Entry and Exit at the Entrances of Company Buildings, Facilities and Inside
Personal data processing activities are carried out by the Company for the purposes of ensuring security and for the purposes specified in this Policy, for the tracking of guest entrances and exits in the Company buildings and facilities.
While the names and surnames of the persons who come to the Company buildings as guests are obtained or through the texts posted in the Company or otherwise made available to the guests, the personal data owners in question are enlightened in this context. The data obtained for the purpose of tracking guest entry-exit are processed only for this purpose and the relevant personal data are recorded in the data recording system in physical environment.
SECTION 8 - THE RELATIONSHIP OF THE COMPANY'S PERSONAL DATA PROTECTION AND PROCESSING POLICY WITH OTHER POLICIES
In addition to the sub-policies for internal use regarding the protection and processing of personal data related to the principles set forth in this Policy, the Company also establishes basic policies for group companies.
The principles of the Company's internal policies are reflected in publicly available policies to the extent relevant, and it is aimed to inform those concerned within this framework and to ensure transparency and accountability regarding the personal data processing activities carried out by the Company.
ANNEX 1 - Purposes of Processing Personal Data
| MAIN OBJECTIVES (PRIMARY) | SUB-OBJECTIVES (SECONDARY) |
| Planning and Execution of the Company's Human Resources Policies and Processes | Execution of Personnel Recruitment Processes |
| Carrying out the necessary work by our relevant business units for the realization of the commercial activities carried out by the Company and the execution of related business processes | Event Management Planning and Execution of Corporate Communication Activities Planning Information Security Processes, Establishment and Management of Information Technology Infrastructure Monitoring of Finance and/or Accounting Planning and Execution of Corporate Sustainability Activities Planning and Execution of Corporate Sustainability Activities Performing Effectiveness/Efficiency and/or Relevance Analysis of Business Activities Planning and/or Execution of Business Activities Planning and Execution of Corporate Governance Activities |
| Planning and Execution of the Company's Commercial and/or Business Strategies | Management of Relations with Business Partners, Group Companies, Subsidiaries, and/or Suppliers Execution of Strategic Planning Activities |
| Planning and Execution of Human Resources Policies and Processes of the Company and Group Companies | Employee Demand and Complaint Management Planning the analysis and improvement activities related to the wage management of Group Companies Planning and supporting the processes of providing fringe benefits and benefits to the employees of the Company and Group Companies Planning the wage management activities of the Company's employees Planning and supporting processes related to the training and career development of employees of the company and group companies Planning and managing processes to increase the satisfaction and loyalty of employees of the company and group companies Intern and/or Student Recruitment, Planning and/or Execution of the Settlement and Operation Processes |
| Strategic Human Resources Planning of the Company and Group Companies, Backup Processes and | Managing the processes related to the performance evaluation of company employees |
| Supporting Organizational Development Activities | Supporting the Company's development and succession planning activities Supporting the management of the appointment and promotion processes of personnel and managers within the Company |
| Planning and Execution of Company Audit Activities | Supporting the misconduct reporting and investigation processes of the Company and group companies Planning and Execution of Audit Activities to Ensure that Company Activities are Conducted in Compliance with Group Companies' Procedures and Relevant Legislation |
| Ensuring the legal, technical and commercial-business security of the Company and related persons who are in business relations with the Company | Follow-up of Legal Affairs Creation and Follow-up of Visitor Records Planning and Execution of Operational Activities Required to Ensure that Company Activities are Conducted in Accordance with Company Procedures and/or Relevant Legislation Ensuring the Security of Company Fixtures and/or Resources Ensuring the Security of Company Operations Authorized Providing Legislative Information to Organizations Performing Company and Partnership Law Transactions Assisting in Performing Company and Partnership Law Transactions Ensuring that Data is Accurate and Up-to-Date Ensuring the Security of Company Premises and/or Facilities Planning and Execution of Company Audit Activities |
ANNEX 2 - Personal Data Subjects
| PERSONAL DATA OWNER | EXPLANATION |
| Company Customer | Natural persons whose personal data are obtained through the Company's business relations within the scope of the operations carried out by the Company's business units, regardless of whether they have any contractual relationship with the Company |
| Visitor | Natural persons who have entered the physical premises owned by the Company for various purposes or who visit our websites |
| Employee Candidate | Real persons who have applied for a job to the Company by any means or who have opened their CV and related information to the Company's review. |
| Company Employee | Employees of Group Companies whose personal data are processed within the framework of activities carried out by the Company such as efficiency, employee satisfaction, human resources, audit, ensuring information technology security and infrastructure, legal compliance, etc. |
| Family Members and Relatives | Spouses, children and relatives of data subjects whose personal data are processed under this Policy within the framework of the activities carried out by the Company |
| Third Person | Other natural persons not covered by this Policy and the Company Employees Personal Data Protection and Processing Policy (e.g. guarantors, companions, former employees) |
| Company Supplier | Real persons who are officers or shareholders of the employees of the party providing services to the Company on a contractual basis in accordance with the Company's orders and instructions while carrying out the Company's commercial activities. |
| Company Shareholder | Real persons who are shareholders of the Company |
| Company Official | Members of the Company's board of directors and other authorized real persons |
| Employees, Shareholders and Authorities of the Institutions We Cooperate with | Natural persons working in organizations with which the Company has any kind of business relationship (such as, but not limited to, business partners, suppliers), including shareholders and officials of these organizations |
Annex 3 - Categories of Personal Data
| PERSONAL DATA CATEGORIZATION | PERSONAL DATA CATEGORIZATION DESCRIPTION |
| Identity Information | Data containing information about the identity of the person; name-surname, Turkish ID number, nationality, place of birth, date of birth, gender, workplace information, registration number, tax number, title, biography, etc. and documents such as driver's license, professional ID, identity card and passport |
| Contact Information | Telephone number, address, e-mail address, fax number, etc. |
| Transaction Security Information | Your personal data processed to ensure our technical, administrative, legal and commercial security during the execution of our activities (e.g. log records, IP information, authentication information) |
| Transaction Information | Data such as survey information, declaration information, shopping information, call center records, membership information, cookie records, which are processed within the framework of the activities carried out by the Company, related to the services provided or to protect the legal and other interests of the Company and the personal data owner |
| Family Members and Relatives | Information about the personal data owner's family members (e.g. spouse, mother, father, child), relatives and other persons who can be reached in case of emergency within the framework of the activities carried out by the Company, related to the services provided or processed to protect the legal and other interests of the Company and the personal data owner |
| Physical Space Security Information | Personal data relating to records and documents taken at the entrance to the physical space, during the stay in the physical space; camera records, vehicle information records and records taken at the security point, etc. |
| Financial Information | Personal data processed regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship established by the Company with the personal data owner, and data such as bank account number, IBAN number, income information, debt / receivable information |
| Audio/Visual Information | Photographs and camera recordings (excluding recordings within the scope of Physical Space Security Information) and audio recordings |
| Sensitive Personal Data | Data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data |
| Legal Procedure and Compliance Knowledge | Personal data processed within the scope of determination and follow-up of our legal receivables and rights and performance of our debts and compliance with our legal obligations and our Company's policies |
| Audit and Inspection Information | Personal data processed for the execution of our Company's operational, financial, fraud and compliance audit activities |
| Request/Complaint Management Information | Personal data regarding the receipt and evaluation of any request or complaint addressed to the Company |
In accordance with Articles 8 and 9 of the KVK Law, the Company may transfer the personal data of the data owners governed by this Policy to the following categories of persons:
(i) Company business partners,
(ii) Company suppliers,
(iii) Company group companies,
(iv) Legally Authorized public institutions and organizations
(v) Legally Authorized private law persons
ANNEX 4 - Third Parties to whom Personal Data is Transferred by our Company and Purposes of Transfer
The scope of the above-mentioned persons to whom data is transferred and the purposes of data transfer are stated below.
| Persons to whom data can be transferred | Definition | Data Transfer Purpose |
| Business Partner | It defines the parties with which the Company has established business partnerships for purposes such as carrying out various projects and receiving services, either personally or together with the Company, while carrying out its commercial activities. Banks etc. | Limited to ensure the fulfillment of the purposes for which the joint venture was established |
| Supplier | Defines the parties that provide services to the Company on a contractual basis in accordance with the Company's orders and instructions while carrying out the Company's commercial activities. | Limited to the purpose of providing the Company with the services outsourced by the Company from the supplier and necessary to fulfill the Company's commercial activities. |
| Group Companies | Group companies | Limited to ensuring the conduct of business activities requiring Group participation |
| Legally Authorized Public Institutions and Organizations | Public institutions and organizations authorized to receive information and documents from the Company in accordance with the provisions of the relevant legislation | Limited to the purpose requested by the relevant public institutions and organizations within the legal authority |
| Legally Authorized Private Law Persons | Private law persons authorized to obtain information and documents from the Company in accordance with the provisions of the relevant legislation | Limited to the purpose requested by the relevant private law persons within their legal authority |
