SB İÇ GİYİM | Personal Data

POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

The protection of personal data is among the top priorities of our company, Serpil Ivy Tekstil Ltd. Sti. The most important part of this issue is the protection and processing of personal data of our employee candidates, company officials, visitors, employees, shareholders and officials of the institutions we cooperate with, and third parties governed by this Policy.

According to the Turkish Constitution, everyone has the right to demand the protection of their personal data. Regarding the protection of personal data, which is a right guaranteed by the Constitution, the company pays due attention to the protection of the personal data of employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of the institutions with which it cooperates, and third parties governed by this Policy, and makes this a company policy.

In this context, necessary administrative and technical measures are taken by the company for the protection of personal data processed within the framework of legal legislation.

The basic principles adopted by the company in this Policy for the processing of personal data are as follows:

  • Processing personal data in accordance with the law and honesty rules,

  • Keeping personal data accurate and up-to-date when necessary,

  • Processing personal data for specific, explicit and legitimate purposes,

  • Processing personal data in connection with the purpose for which they are processed, limited and measured,

  • Keeping personal data for as long as required by the relevant legislation or for the purpose for which they are processed,

  • Enlightening and informing personal data owners,

  • Establishing the necessary system for personal data owners to exercise their rights,

  • Taking the necessary measures in the protection of personal data,

  • Acting in accordance with the relevant legislation and KVK Board regulations in the transfer of personal data to third parties in line with the requirements of the processing purpose,

  • Showing the necessary sensitivity to the processing and protection of sensitive personal data.

ARTICLE 1: PURPOSE OF THE POLICY

The main purpose of the Policy concerns the personal data processing activity carried out by the company in accordance with the law and, in this context, is to ensure transparency and trust by informing the persons whose personal data is processed by our company, especially our customers, employees, employee candidates, company officials, visitors, employees, shareholders and officials of the institutions we cooperate with, and third parties.

ARTICLE 2: CONTENT AND DEFINITIONS

This Policy relates to all personal data of our employees, employee candidates, company officials, visitors, employees, shareholders and officials of the institutions we cooperate with, and third parties that is processed by automatic means or, provided that it is a part of any data recording system, by non-automatic means.

The scope of application of this Policy to the groups of personal data owners in the categories mentioned above may be the whole of the Policy or only a part of it.

The definitions of the concepts in this policy text are as follows:

Recipient group: The natural or legal person category to which personal data is transferred by the data controller.

Explicit consent: Consent about a specific subject, based on information and expressed with free will

Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching it with other data.

Employee: Company personnel

Electronic media: Environments where personal data can be created, read, changed and written with electronic devices.

Non-electronic media: All written, printed, visual and other media other than electronic media.

Service provider: Real or legal person who provides service within the framework of a certain contract with the Institution.

Contact Person: Natural person whose personal data is processed

Relevant user: Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data.

Destruction: Deletion, destruction or anonymization of personal data

Law: Law on Protection of Personal Data No. 6698

Recording medium: Any medium in which personal data is fully or partially automated or processed by non-automatic means, provided that it is a part of any data recording system.

Personal data: Any information relating to an identified or identifiable natural person.

Personal data processing inventory: The inventory that data controllers create by associating the personal data processing activities they carry out, depending on their business processes, with the processing purposes and legal reason, the data category, the transferred recipient group and the data subject group, and in which they explain the maximum storage period required for the purposes for which the personal data is processed, the personal data planned to be transferred to foreign countries and the precautions taken regarding data security.

Processing of personal data: All kinds of operations performed on personal data by fully or partially automatic means, or by non-automatic means provided that it is a part of any data recording system, such as obtaining, recording, storing, retaining, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of the data.

Board: Personal Data Protection Board

Special categories of personal data: Data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

Periodic destruction: In the event that all of the personal data processing conditions in the law are eliminated, the deletion, destruction or anonymization process that will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy

Policy: Personal Data Retention and Disposal Policy

Company: Serpil İvy Tekstil Ltd. Sti.

Data processor: Real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

Data registration system: The registration system in which personal data is processed and structured according to certain criteria.

Data controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Data controllers registry information system: An information system created and managed by the Presidency, accessible over the internet, to be used by data controllers in their application to the Registry and other related transactions.

VERBIS: Data Controllers Registry Information System

Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28 October 2017

ARTICLE 3: IMPLEMENTATION OF THE POLICY AND RELEVANT LEGISLATION

The relevant legal regulations in force on the processing and protection of personal data apply first. In case of inconsistency between the current legislation and the Policy, our Company accepts that the applicable legislation will apply.

The policy is formed by concretizing and arranging the rules set forth by the relevant legislation within the scope of Company practices.

ARTICLE 4: ENFORCEMENT OF THE POLICY

This Policy, issued by our company, enters into force on the day it is published on our website. If there is any innovation or change in the policy, the effective date will be updated.

The policy is published on the website of our Company and made available to the relevant persons upon the request of the personal data owners.

ARTICLE 5: ISSUES REGARDING THE PROTECTION OF PERSONAL DATA

In accordance with Article 12 of the KVKK, our company takes all necessary administrative, technical and legal measures to prevent the unlawful processing of the personal data it processes, to prevent unlawful access to the data, and to ensure appropriate security for the preservation of the data, and in this context it carries out all necessary audits.

ARTICLE 6: ENSURING THE SECURITY OF PERSONAL DATA

6.1 Technical and Administrative Measures Taken to Ensure Legal Processing of Personal Data

Our company takes technical and administrative measures according to technological possibilities and implementation costs in order to ensure that personal data is processed in accordance with the law.

6.1.1 Technical Measures Taken to Ensure Legal Processing of Personal Data

The main technical measures taken by our company to ensure the legal processing of personal data are listed below:

  1. Personal data processing activities carried out within our company are audited by established technical systems.

  2. The technical measures taken are periodically reported to the relevant person in accordance with the internal audit mechanism.

  3. Personnel knowledgeable in technical matters are employed.

6.1.2 Administrative Measures Taken to Ensure Legal Processing of Personal Data

The main administrative measures taken by our company to ensure the legal processing of personal data are listed below:

  1. Employees are informed and trained about the law of protection of personal data and the processing of personal data in accordance with the law.

  2. All activities carried out by our company are analyzed in detail specific to all business units, and as a result of this analysis, personal data processing activities specific to the commercial activities carried out by the relevant business units are revealed.

  3. The requirements to be fulfilled in order to ensure that the personal data processing activities carried out by our company's business units comply with the personal data processing conditions sought by the Law No. 6698 are determined for each business unit and the detailed activity it carries out.

  4. In order to meet the legal compliance requirements determined by our business units, awareness is created specific to the relevant business units and implementation rules are determined; necessary administrative measures are implemented through internal policies and trainings to ensure the control of these issues and the continuity of implementation.

  5. Contracts and documents governing the legal relationship between our company and employees include records that impose the obligation not to process, disclose or use personal data, except for the Company's instructions and the exceptions made by law; employees' awareness of this issue is raised and audits are carried out.

6.2 Technical and Administrative Measures Taken to Prevent Unlawful Access to Personal Data

Our company takes technical and administrative measures according to the nature of the data to be protected, technological possibilities and the cost of implementation in order to prevent the imprudent or unauthorized disclosure, access, transfer or any other unlawful access to personal data.

6.2.1 Technical Measures Taken to Prevent Unlawful Access to Personal Data

The main technical measures taken by our company to prevent unlawful access to personal data are listed below:

  1. Technical measures are taken in accordance with the developments in technology, the measures taken are periodically updated and renewed.

  2. Access and authorization technical solutions are implemented in accordance with the legal compliance requirements determined on a business unit basis.

  3. The technical measures taken are periodically reported to the relevant person in accordance with the internal audit mechanism, the issues posing a risk are re-evaluated and the necessary technological solution is produced.

  4. Software and hardware including virus protection systems and firewalls are installed.

  5. Personnel knowledgeable in technical matters are employed.

6.2.2 Administrative Measures Taken to Prevent Unlawful Access to Personal Data

The main administrative measures taken by our company to prevent unlawful access to personal data are listed below:

  1. Employees are trained on technical measures to be taken to prevent unlawful access to personal data.

  2. Access to personal data and authorization processes are designed and implemented within the Company in accordance with business unit-based legal compliance requirements.

  3. Employees are informed that the personal data they learn cannot be disclosed to others in violation of the provisions of the KVK Law and cannot be used for purposes other than processing, and that this obligation will continue after they leave their job, and necessary commitments are taken from them in this direction.

  4. Contracts concluded by our company with the persons to whom personal data are transferred in accordance with the law include provisions stating that the persons to whom personal data are transferred will take the necessary security measures for the protection of personal data and ensure that these measures are complied with in their own institutions.

6.3 Storing Personal Data in Secure Environments

Our company takes the necessary technical and administrative measures according to the technological possibilities and implementation cost in order to store personal data in secure environments and to prevent their destruction, loss or alteration for unlawful purposes.

6.3.1 Technical Measures Taken for Storing Personal Data in Secure Environments

The main technical measures taken by our company to store personal data in secure environments are listed below:

  1. Systems suitable for technological developments are used to store personal data in secure environments.

  2. Technical personnel are employed.

  3. Technical security systems are established for the storage areas, the technical measures taken are periodically reported to the relevant person in accordance with the internal audit mechanism, the risky issues are reevaluated and the necessary technological solution is produced.

  4. In order to ensure that personal data is stored securely, backup programs are used in accordance with the law.

6.3.2 Administrative Measures to Keep Personal Data in Secure Environments

The main administrative measures taken by our company to store personal data in secure environments are listed below:

  1. Employees are trained to ensure that personal data is stored securely.

  2. In the event that our company receives an external service due to technical requirements regarding the storage of personal data, the contracts concluded with the relevant companies to which the personal data is transferred in accordance with the law include provisions stating that the persons to whom personal data are transferred will take the necessary security measures for the protection of personal data and that these measures will be complied with in their own establishments.

6.4 Supervision of Measures Taken for the Protection of Personal Data

In accordance with Article 12 of the KVKK, our company carries out the necessary inspections within its own body or has them carried out. The results of these audits are reported to the relevant unit within the scope of the internal operation of the company, and necessary activities are carried out to improve the measures taken.

6.5 Measures to be Taken in Case of Unauthorized Disclosure of Personal Data

In accordance with Article 12 of the KVKK, if the personal data it processes is obtained by others illegally, our company will ensure that this situation is reported to the relevant personal data owner and the KVK Board as soon as possible.

If deemed necessary by the KVK Board, this situation may be announced on the website of the KVK Board or by any other method.

ARTICLE 7: FOLLOWING THE RIGHTS OF THE DATA OWNER; CREATING CHANNELS TO TRANSFER THESE RIGHTS TO OUR COMPANY AND EVALUATION OF DATA OWNERS' REQUESTS

Our company carries out the necessary channels, internal functioning, administrative and technical regulations in accordance with Article 13 of the KVKK in order to evaluate the rights of personal data owners and to provide necessary information to personal data owners.

If personal data owners submit their requests regarding their rights listed below in writing to our Company, our Company concludes the request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the KVK Board will be charged by our Company. Personal data owners have the right to:

  1. Learn whether personal data is processed or not,

  2. If personal data has been processed, request information about it,

  3. Learn the purpose of processing personal data and whether they are used in accordance with the purpose,

  4. Know the third parties to whom personal data is transferred at home or abroad,

  5. Request correction of personal data in case of incomplete or incorrect processing and request notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,

  6. Request the deletion or destruction of personal data in the event that the reasons requiring processing are eliminated, although it has been processed in accordance with the provisions of the KVK Law and other relevant laws, and request the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,

  7. Object to the emergence of a result against themselves through the analysis of the processed data exclusively by automated systems,

  8. Demand compensation for the damage in case of loss due to the unlawful processing of personal data.

More detailed information on the rights of data owners is included in this Policy.

ARTICLE 8: PROTECTION OF SPECIAL QUALITY PERSONAL DATA

With the KVK Law, special importance is attached to certain personal data due to the risk of causing victimization or discrimination in case of unlawful processing.

These data are data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

Our company acts sensitively in the protection of special quality personal data, which is determined as "special quality" by the KVK Law and processed in accordance with the law. In this context, the technical and administrative measures taken by our Company for the protection of personal data are carefully implemented in terms of special quality personal data and necessary audits are provided within the company.

Detailed information on the processing of special categories of personal data is included in this Policy.

ARTICLE 9: RAISING AWARENESS AND AUDIT OF BUSINESS UNITS ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

Our company provides necessary trainings to business units in order to prevent the illegal processing of personal data, illegal access to data, and to raise awareness about data protection.

Necessary systems are established to raise awareness of the current employees of the company's business units and the newly recruited employees about the protection of personal data.

ARTICLE 10: ISSUES REGARDING THE PROCESSING OF PERSONAL DATA

In accordance with Article 20 of the Constitution and Article 4 of the KVK Law, our company engages in personal data processing activities in accordance with the law and the rules of honesty; accurately and, where necessary, up to date; for specific, clear and legitimate purposes; and in a manner that is connected, limited and measured for those purposes. Our company retains personal data for as long as required by law or for the purpose of processing personal data.

Our company processes personal data in accordance with Article 20 of the Constitution and Article 5 of the KVK Law, based on one or more of the conditions in Article 5 of the KVK Law regarding the processing of personal data.

Our company informs the personal data owners in accordance with the 20th article of the Constitution and the 10th article of the KVK Law and provides the necessary information in case the personal data owners request information.

Our company acts in accordance with the regulations stipulated for the processing of personal data of special nature in accordance with Article 6 of the KVK Law.

Our company acts in accordance with the regulations stipulated in the law and set forth by the KVK Board regarding the transfer of personal data in accordance with Articles 8 and 9 of the KVK Law.

ARTICLE 12: PROCESSING PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES PROVIDED IN THE LEGISLATION

12.1 Processing in Compliance with Law and Integrity

Our company acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. In this context, our Company takes into account the proportionality requirements in the processing of personal data, and does not use personal data other than as required for the purpose.

12.2 Ensuring Personal Data Is Accurate and Up-to-Date When Necessary

Our company ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights and legitimate interests of personal data owners, and takes the necessary measures in this direction.

12.3 Processing for Specific, Explicit and Legitimate Purposes

Our company clearly and precisely determines the purpose of processing personal data, which is legitimate and lawful. Our company processes personal data in connection with the service it provides and as much as is necessary for them.

12.4 Relevance, Limitation, and Responsibility for the Purpose for which they are Processed

Our company processes personal data in a way that is suitable for the realization of the determined purposes and avoids the processing of personal data that is not related to the realization of the purpose or that is not needed. For example, personal data processing activities are not carried out to meet the needs that may arise later.

12.5 Retention for as Long as Required for the Purpose of Processing or Envisioned in the Relevant Legislation

Our company retains personal data only for as long as required by the relevant legislation or for the purpose for which they are processed. In this context, our Company first determines whether a period is foreseen for the storage of personal data in the relevant legislation, if a period is determined, it acts in accordance with this period, and if a period is not determined, it stores the personal data for the period required for the purpose for which they are processed. Personal data is deleted, destroyed or anonymized by our Company in the event that the period expires or the reasons for its processing disappear. Personal data is not stored by our Company in case of future use. Detailed information on this subject is included in this Policy.

ARTICLE 13: PROCESSING OF PERSONAL DATA BASED ON ONE OR MORE OF THE PERSONAL DATA PROCESSING CONDITIONS STATED IN ARTICLE 5 OF KVKK AND LIMITED TO THESE TERMS

Protection of personal data is a constitutional right. Fundamental rights and freedoms can only be limited by law, without prejudice to their essence, depending on the reasons specified in the relevant articles of the Constitution. Pursuant to the third paragraph of Article 20 of the Constitution, personal data can only be processed in cases stipulated by law or with the explicit consent of the person. In this direction and in accordance with the Constitution, our company processes personal data only in cases stipulated by law or with the explicit consent of the person. Detailed information on this subject is included in this Policy.

ARTICLE 14: DISCLOSURE AND INFORMATION OF THE PERSONAL DATA OWNER

Our company informs the personal data owners during the acquisition of personal data in accordance with Article 10 of the KVK Law. In this context, it clarifies for what purpose the personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method of collecting personal data and the rights of the personal data owner for legal reasons. Detailed information on this subject is included in this Policy.

Article 20 of the Constitution states that everyone has the right to be informed about their personal data. Accordingly, in Article 11 of the KVK Law, "requesting information" is also listed among the rights of the personal data owner. In this context, our company provides the necessary information in case the personal data owner requests information in accordance with the 20th article of the Constitution and the 11th article of the KVK Law. Detailed information on this subject is included in this Policy.

ARTICLE 15: PROCESSING OF SPECIAL QUALITY PERSONAL DATA

Our company strictly complies with the regulations stipulated in the KVK Law in the processing of personal data determined as "special quality" by the KVK Law.

In Article 6 of the KVK Law, certain personal data that carry the risk of causing victimization or discrimination when processed unlawfully are defined as "special quality". These data are data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

In accordance with the KVK Law, special categories of personal data are processed by our Company in the following cases, provided that adequate measures to be determined by the KVK Board are taken:

  1. If the personal data owner has given express consent, or

  2. If the personal data owner has not given express consent:

     1) Special categories of personal data other than the health and sexual life of the personal data owner, in cases stipulated by the laws,

     2) Only for the purposes of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, and planning, managing and financing health services, by persons or authorized institutions and organizations that are under the obligation to keep secrets.

ARTICLE 16: TRANSFER OF PERSONAL DATA

Our company can transfer the personal data and sensitive personal data of the personal data owner to third parties (third party companies, business partners, third real persons) by taking the necessary security measures in line with the personal data processing purposes in accordance with the law. Accordingly, our company acts in accordance with the regulations stipulated in Article 8 of the KVK Law. Detailed information on this subject is included in this Policy.

16.1 Transfer of Personal Data

In line with the legitimate and lawful personal data processing purposes, our company may transfer personal data to third parties based on one or more of the personal data processing conditions specified in Article 5 of the Law listed below and in a limited manner:

  1. If the personal data owner has given express consent,

  2. If there is a clear regulation in the law regarding the transfer of personal data,

  3. If it is necessary for the protection of the life or physical integrity of the personal data owner or someone else, and the personal data owner is unable to express his consent due to actual impossibility or if his consent is not legally valid;

  4. If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

  5. If personal data transfer is necessary for our company to fulfill its legal obligation,

  6. If the personal data has been made public by the personal data owner,

  7. If personal data transfer is necessary for the establishment, exercise or protection of a right,

  8. If personal data transfer is necessary for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the personal data owner.

16.2 Transfer of Sensitive Personal Data

By showing the necessary care, taking the necessary security measures and taking the adequate measures prescribed by the KVK Board, our company may transfer the sensitive data of the personal data owner to third parties in the following cases, in accordance with legitimate and lawful personal data processing purposes:

  1. If the personal data owner has given express consent, or

  2. If the personal data owner has not given express consent:

     1) Special quality personal data other than the health and sexual life of the personal data owner (data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or unions, criminal convictions and security measures, and biometric and genetic data), in cases prescribed by law,

     2) Special quality personal data related to the health and sexual life of the personal data owner, only for the purposes of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, and planning, managing and financing health services, by persons or authorized institutions and organizations under the obligation of secrecy.

ARTICLE 17: TRANSFER OF PERSONAL DATA ABROAD

Our company does not transfer personal data abroad. Accordingly, our company acts in accordance with the regulations stipulated in Article 9 of the Personal Data Protection Law.

ARTICLE 18: CATEGORIZATION OF PERSONAL DATA PROCESSED BY OUR COMPANY, PURPOSE OF PROCESSING AND STORAGE PERIOD

Within the scope of the disclosure obligation in accordance with Article 10 of the KVK Law, our company notifies the personal data owner of which personal data owner groups' personal data it processes, the purposes of processing the personal data of the personal data owner, and the storage periods.

ARTICLE 19: CATEGORIZATION OF PERSONAL DATA

By informing the relevant persons in accordance with Article 10 of the KVK Law, our Company processes personal data in the following categories, limited to the subjects within the scope of this Policy, in line with its legitimate and lawful personal data processing purposes, based on and limited to one or more of the personal data processing conditions specified in Article 5 of the KVK Law, and in compliance with the general principles specified in the KVK Law, including the principles specified in Article 4 regarding the processing of personal data, and all obligations set forth in the KVK Law. This Policy also states which data owners regulated within its scope the personal data processed in these categories relate to.

IDENTIFICATION; Partially or wholly automatically or as part of a data recording system, which clearly belongs to an identified or identifiable natural person.

processed non-automatically; All information contained in documents such as Driver's License, Identity Card, Residence, Passport, Attorney's ID, Marriage Certificate.

COMMUNICATION INFORMATION; Processed partially or completely automatically or non-automatically as a part of the data recording system, which clearly belongs to an identified or identifiable natural person; information such as phone number, address and e-mail.

CUSTOMER INFORMATION; Processed partially or completely automatically or non-automatically as a part of the data recording system, which clearly belongs to an identified or identifiable natural person; Information obtained and produced about the person concerned as a result of our commercial activities and the operations carried out by our business units in this context.

PHYSICAL SPACE SECURITY INFORMATION; Personal data regarding the records and documents taken at the entrance to the physical space and during the stay in the physical space, which clearly belong to an identified or identifiable natural person and are included in the data recording system.

PROCESS SECURITY INFORMATION; Clearly belonging to an identified or identifiable natural person and included in the data recording system; Your personal data processed to ensure our technical, administrative, legal and commercial security while carrying out our commercial activities.

RISK MANAGEMENT INFORMATION; Clearly belonging to an identified or identifiable natural person and included in our data risk recording system; Data that can be used and processed in accordance with the generally accepted legal, commercial practice and good faith in these areas so that we can manage commercial, technical and administrative matters.

FINANCIAL INFORMATION; Processed partially or completely automatically or non-automatically as a part of the data recording system, which clearly belongs to an identified or identifiable natural person; Personal data processed for information, documents and records showing all kinds of financial results created according to the type of legal relationship our company has established with the personal data owner.

PERSONAL INFORMATION; Processed partially or completely automatically or non-automatically as part of a data recording system, which clearly belongs to an identified or identifiable natural person; All kinds of personal data processed for the purpose of obtaining the information that will form the basis for the personal rights of our employees or real persons who have a working relationship with our Company.

EMPLOYEE CANDIDATE INFORMATION; Processed partially or completely automatically or non-automatically as part of a data recording system, which clearly belongs to an identified or identifiable natural person; Personal data processed regarding individuals who have applied to be an employee of our company or who have been evaluated as an employee candidate in line with the human resources needs of our company in accordance with the rules of commercial practice and honesty, or who have a working relationship with our Company.

EMPLOYEE PROCESS INFORMATION; Processed partially or completely automatically or non-automatically as part of a data recording system, which clearly belongs to an identified or identifiable natural person; Personal data processed for all kinds of work-related transactions carried out by our employees or real persons who have a working relationship with our company.

WORK PERFORMANCE AND CAREER DEVELOPMENT INFORMATION; Processed partially or completely automatically or non-automatically as part of a data recording system, which clearly belongs to an identified or identifiable natural person; Data processed for the purpose of measuring the performance of our employees or real persons who have a working relationship with our Company, and for the planning and execution of their career development within the scope of our company's human resources policy.

FRINGE BENEFITS AND BENEFITS INFORMATION; Processed partially or completely automatically or non-automatically as part of a data recording system, which clearly belongs to an identified or identifiable natural person; Your personal data, which is processed for the planning of fringe benefits and benefits that we offer and will offer to our employees or other real persons who have a working relationship with our Company, to determine the objective criteria for entitlement to these, and to follow up the progress payments.

LEGAL PROCESS AND COMPLIANCE INFORMATION; Processed partially or completely automatically or non-automatically as part of a data recording system, which clearly belongs to an identified or identifiable natural person; Your personal data processed within the scope of determination, follow-up and performance of our legal receivables and rights, and compliance with our legal obligations and our company's policies.

AUDIT AND INSPECTION INFORMATION; Processed partially or completely automatically or non-automatically as part of a data recording system, which clearly belongs to an identified or identifiable natural person; Your personal data processed within the scope of our company's legal obligations and compliance with company policies.

PRIVATE PERSONAL DATA; Processed partially or completely automatically or non-automatically as part of a data recording system, which clearly belongs to an identified or identifiable natural person; Data specified in article 6 of Law No. 6698.

REQUEST/ COMPLAINT MANAGEMENT INFORMATION; Processed partially or completely automatically or non-automatically as part of a data recording system, which clearly belongs to an identified or identifiable natural person; Personal data regarding the receipt and evaluation of any request or complaint directed to our company.

ARTICLE 20: PURPOSE OF PROCESSING PERSONAL DATA

According to the categorization prepared by our company, the overarching purposes for the processing of Personal Data are shared below:

  1. To carry out the necessary work by our relevant business units for the realization of the commercial activities carried out by our company and to carry out the related business processes,

  2. Planning and execution of our company's commercial and/or business strategies,

  3. Carrying out the necessary work by our business units and executing the relevant processes in order to benefit the relevant people from the products and services offered by our company,

  4. Planning and execution of our company's human resources policies and processes,

  5. Ensuring the legal, technical and commercial job security of the persons who have a business relationship with our company.

The data processing purposes within the scope of the purposes listed above are as follows:

  1. Event Management

  2. Planning and Execution of Research and Development Activities

  3. Planning and Execution of Business Activities

  4. Planning and Execution of Corporate Communication Activities

  5. Planning and Execution of Information Security Processes

  6. Establishment and Management of Information Technologies Infrastructure

  7. Planning and Execution of Business Partners and/or Suppliers' Access Authorizations to Information and Facilities

  8. Planning and Execution of Fringe Benefits and Benefits to Supplier and/or Business Partner Employees

  9. Follow-up of Finance and/or Accounting Affairs

10. Planning and Execution of Logistics Activities

11. Management of Relationships with Business Partners and/or Suppliers

12. Carrying out Activities for the Determination of the Financial Risks of the Customers

13. Planning and Execution of Customer Relationship Management Processes

14. Follow-up of Contract Processes and/or Legal Requests

15. Follow-up of Customer Requests and/or Complaints

16. Planning Human Resources Processes

17. Execution of Personnel Procurement Processes

18. Follow-up of Legal Affairs

19. Planning and Execution of Operational Activities Necessary for Ensuring that Company Activities are Carried out in Compliance with Company Procedures and/or Relevant Legislation

20. Collection of Entry and Exit Records of Business Partner/Supplier Employees

21. Creating and Tracking Visitor Records

22. Planning and Execution of Company Audit Activities

23. Planning and/or Execution of Occupational Health and/or Safety Processes

24. Ensuring Data is Accurate and Up-to-Date

25. Management and/or Supervision of Relationships with Affiliates

26. Ensuring the Security of Company Campuses and/or Facilities

27. Ensuring the Security of Company Assets and/or Resources

28. Planning and/or Execution of Company Financial Risk Processes

In order to process personal data for purposes other than the situations mentioned above, our Company seeks the express consent of personal data owners; the following personal data processing activities by the relevant business units are carried out with the express consent of the personal data owners. In this context, in the absence of the above-mentioned conditions, the personal data processing purposes for which the express consent of personal data owners is sought can be listed as:

  1. Planning and Execution of Business Partners and/or Suppliers' Access Authorizations to Information and Facilities

  2. Planning and Execution of Logistics Activities

  3. Management of Relationships with Business Partners and/or Suppliers

  4. Follow-up of Contract Processes and/or Legal Requests

  5. Planning Human Resources Processes

  6. Execution of Personnel Supply Processes

  7. Planning and/or Execution of Customer Satisfaction Activities

  8. Planning and Execution of Operational Activities Necessary for Ensuring the Conduct of Company Activities in Compliance with Company Procedures and/or Relevant Legislation

  9. Collection of Entry and Exit Records of Business Partner/Supplier Employees

  10. Planning and Execution of Company Audit Activities

  11. Planning and/or Execution of Occupational Health and/or Safety Processes

  12. Ensuring the Security of Company Campuses and/or Facilities.

ARTICLE 21: PERSONAL DATA STORAGE PERIOD

If a storage period is stipulated in the relevant laws and regulations, our company keeps personal data for the period specified in that legislation.

If the legislation does not regulate how long personal data should be kept, personal data is processed for the period required by our Company's practices and commercial custom, depending on the services our company provides while processing that data, and then it is deleted, destroyed or anonymized. Detailed information on this subject is included in this policy.

If the purpose of processing personal data has ended and the storage periods determined by the relevant legislation and the company have come to an end, personal data can only be stored to provide evidence in possible legal disputes, to assert a right related to the personal data, or to establish a defense. In establishing the periods here, retention periods are determined on the basis of the statute of limitations for asserting the aforementioned right and, even where the statute of limitations has expired, the examples previously submitted to our Company on the same issues. In this case, the stored personal data is not accessed for any other purpose, and access to the relevant personal data is provided only when it is necessary to use it in the relevant legal dispute. Here, too, personal data is deleted, destroyed or anonymized after the aforementioned period expires.

ARTICLE 22: CATEGORIZATION OF OWNERS OF PERSONAL DATA PROCESSED BY OUR COMPANY

Although the personal data of the following categories of personal data subjects are processed by our company, the scope of application of this Policy is limited to our customers, potential customers, employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of the institutions we cooperate with, and third parties.

Protection and processing of personal data of our employees will be evaluated under the Holding Employees' Personal Data Protection and Processing Policy.

Although the categories of persons whose personal data are processed by our company are within the scope specified above, persons outside of these categories may also direct their requests to our Company within the scope of the KVK Law; requests of these persons will also be evaluated within the scope of this Policy.

The concepts of customer, potential customer, visitor, employee candidate, shareholder and board member, natural persons in the institutions we cooperate with, and third parties related to these persons, which are within the scope of this Policy, are explained below.

ARTICLE 23: CATEGORIES AND EXPLANATIONS

Visitor; Real persons who have entered the physical campuses owned by our company for various purposes or visited our websites.

Third Parties; Third-party real persons or real persons who are not within the scope of this policy and company employees' personal data protection and processing policy, in order to ensure the security of commercial transactions between our company and the parties or to protect the rights of the said persons and to obtain benefits.

Employee Candidate; Real persons who have applied for a job to our company by any means or have disclosed their resume-related information to our company.

Company Shareholder; Natural persons who are shareholders of our company.

Company Official; Our company's board members and other authorized natural persons.

Employees, shareholders and officials of the institutions we cooperate with; Natural persons working in institutions with which our company has any business relationship (such as, but not limited to, business partners, offices, suppliers), including the shareholders and officials of these institutions.

ARTICLE 24: THIRD PARTIES TO WHOM PERSONAL DATA IS TRANSFERRED BY OUR COMPANY AND THE PURPOSE OF THE TRANSFER

Our company notifies the personal data owner of the groups of persons to whom personal data is transferred in accordance with Article 10 of the KVKK.

In accordance with Articles 8 and 9 of the KVK Law, our company may transfer the personal data of service recipients to the following categories of persons:

  1. Business partners of the company,

  2. Company suppliers,

  3. Company affiliates,

  4. Company shareholders,

  5. Legally authorized public institutions and organizations,

  6. Legally authorized private legal persons.

The scope and data transfer purposes of the above-mentioned persons to whom the transfer is made are as follows;

  1. Limited to ensuring the fulfillment of the purposes of establishment of the business partnership,

  2. Limited to ensuring that the services that our company outsources from the supplier and that are necessary to carry out the commercial activities of our company are provided,

  3. Limited to ensuring the execution of commercial activities of our company that require the participation of affiliates,

  4. Designing the strategies and audit activities of our company in accordance with the provisions of the legal legislation and limited to audit purposes,

  5. In the event that legally authorized public institutions and organizations request information and documents from our company within the framework of legal legislation, limited to the purpose requested within our legal authorities,

  6. In case legally authorized private legal persons request information and documents from our company within the framework of legal legislation, limited to the purpose requested within our legal powers.

In the transfers made by our company, we act in accordance with the issues regulated in the policy.

Our company informs the personal data owner about the personal data it processes in accordance with Article 10 of the KVK Law.

Although the legal grounds for the processing of personal data by our company differ, all kinds of personal data processing activities are carried out in accordance with the general principles specified in Article 4 of the Law No. 6698.

For the processing of personal data subject to the express consent of the personal data owner, express consent is obtained from visitors and third parties.

The personal data of the data owner can be processed in accordance with the law, if it is expressly stipulated in the law.

The personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to express his or her consent due to actual impossibility or whose consent cannot be validated, in order to protect the life or bodily integrity of himself or another person.

Provided that it is directly related to the establishment or performance of a contract, it is possible to process personal data if it is necessary to process the personal data of the parties to the contract.

Personal data of the data subject may be processed if the processing is necessary for our company to fulfill its legal obligations as a data controller.

If the data owner has made his personal data public by himself, the relevant personal data may be processed.

If data processing is necessary for the establishment, exercise or protection of a right, the personal data of the data owner may be processed (invoice, etc.).

Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is necessary for the legitimate interests of our Company (for internal calculations etc.).

Personal data processing activities carried out by our company at the entrance of the building and within the facility are carried out in accordance with the Constitution, the KVK Law and other relevant legislation.

In order to ensure security, our company carries out personal data processing activities to monitor the entrance and exit of guests with security cameras in its buildings and facilities.

Personal data processing is carried out by our Company by using security cameras and recording guest entries and exits.

In this context, our Company acts in accordance with the Constitution, KVK Law and other relevant legislation. Within the scope of monitoring with security cameras, our company aims to increase the quality of the service provided, to ensure its reliability, to ensure the safety of the company, employees and other persons, and to protect the interests of third parties regarding the service they receive. The camera monitoring activity carried out by our company is carried out in accordance with the Law on Private Security Services and the relevant legislation. Our company acts in accordance with the regulations in the KVK Law in the execution of camera surveillance activities for security purposes.

Our company carries out security camera monitoring activities in order to ensure security in its buildings and facilities, for the purposes stipulated in the laws and in accordance with the personal data processing conditions listed in the KVK Law.

Announcement of the monitoring activity by our company is made in accordance with Article 10 of the KVK Law.

In addition to the general disclosure, our company gives notice of the camera monitoring activity by more than one method in accordance with the EU regulations. Thus, it is aimed to prevent harm to the fundamental rights and freedoms of the personal data owner, and to ensure transparency and that the personal data owner is informed.

Our company processes personal data in a limited and measured manner in connection with the purpose for which they are processed, in accordance with Article 4 of the KVK Law.

The purpose of maintaining the video camera monitoring activity by our company is limited to the purposes listed in this Policy. Accordingly, the monitoring areas, the number of security cameras and the times at which monitoring takes place are set at a level sufficient to achieve the security purpose and limited to that purpose. Areas where monitoring could interfere with personal privacy beyond what the security objectives require (for example, toilets) are not subject to monitoring.
