10038 Street No:1 AOSB 35620 Cigli / Izmir
10038 Street No:1 AOSB 35620 Cigli / Izmir
The Law on the
Protection of Personal Data No. 6698 ("Law"), which has been
prepared by working for many years within the framework of compliance
with the European Union criteria, was published in the Official Gazette dated
07.04.2016 and entered into force. The Law contains regulations in the same
direction as the European Union's directive 95 / 46 / EC to a large extent, and
with the entry into force of the Law, the protection of the personal data of
individuals in a holistic regulation has been taken under legal regulation.
Protection of your
personal data, 10038 Sokak No:1 A.O.S.B/ Çiğli/İZMİR Deka Yüzey Teknolojileri Makine İmalat Sanayi ve Ticaret Limited Company ("Company" or "Deka") registered
0273008170600015 with Izmir Trade Registry Directorate with MERSIS number ("Company"
or "Deka") According to
the Constitution of the Republic of Turkey, everyone has the right to request
the protection of personal data concerning him/her. The protection of personal
data is among the priorities of the Company and is governed by this Personal
Data Protection and Processing Policy ("Policy"); It pays due
attention to the protection of the personal data of employee candidates,
Company officials, our visitors, the institutions we cooperate with and their
employees, shareholders and officials and third parties.
Within the framework
of the principles of superior service quality, respect for the rights of
individuals, transparency and honesty adopted by the Company, in line with the
new regulations stipulated by the Law, the regulation of the internal
functioning of the Company within the scope of the Law, secondary regulations,
decisions and regulations of the Personal Data Protection Board and other
relevant legislation are among the priority issues of our Company. For this
reason, this Policy has been issued and put into effect in order to benefit our
customers from the rights brought by the Law and to ensure the compliance
process with the Law. In this context, the necessary administrative and
technical measures are taken by our Company for the protection of the personal
data processed in accordance with the relevant legislation.
With the Policy, in order to ensure that the regulations to be introduced
by the Company within the framework of the above-mentioned principles for
compliance with the Law are effectively implemented within the Company, by the
Company employees and business partners; It is aimed to make explanations about
the personal data processing activities carried out by the Company in
accordance with the law and the systems adopted for the protection of personal
data, to ensure that all kinds of administrative and technical measures are
taken in terms of processing and protection of personal data within the
operation of the Company, to establish the necessary internal procedures, to
determine all necessary trainings to raise awareness, to ensure the
establishment of appropriate and effective audit mechanisms by taking all
necessary measures for the compliance of employees and business partners with
the Law processes.
This Policy; It relates to all personal data of employee candidates,
Company officials, our visitors, the institutions with which we cooperate and
their employees, shareholders and officials and third parties that are
processed automatically or by non-automatic means provided that they are part
of any data recording system.
Explicit Consent
|
Consent
related to a specific subject, based on being informed and explained with free
will.
|
Anonymization of Personal Data
|
It refers
to the fact that personal data cannot be associated with an identified or
identifiable real person under any circumstances, even by matching it with
other data through techniques such as masking, aggregation, data corruption,
etc.
|
Application Form
|
It refers
to the Application Form for the Applications to be made to the Data Controller by the Relevant Person
(Personal Data Owner) in accordance with the Law on the Protection of
Personal Data No. 6698, which includes
the application to be made by the relevant persons to exercise their rights.
|
Employee Candidate
|
It refers
to real persons who have applied for a job with the Company in any way or who
have opened their resume and related information to the Company's
examination.
|
Employees and Officials of the Institutions We
Cooperate With
|
It refers
to real persons working in the institutions with which the Company has any
kind of business relationship, including the shareholders and officers of
these institutions.
|
Partner
|
While
carrying out commercial activities with the Company, it refers to the parties
with which it establishes business partnerships for purposes such as carrying
out various projects and receiving services.
|
Processing of Personal Data
|
It refers
to any operation performed on personal data such as obtaining, recording,
storing, preserving, changing, rearranging, disclosure, transferring, taking
over, making available, classifying or preventing the use of personal data by
fully or partially automatic means or by non-automatic means provided that it
is part of any data recording system.
|
Contact Person
|
It refers
to the natural person whose personal data is processed.
|
Deletion of Personal Data |
Deletion
of personal data; refers to making personal data inaccessible and unreusable
for the Relevant Users in any way.
|
Destruction of Personal Data |
It refers
to the process of making personal data inaccessible, irretrievable and
unreusable by anyone in any way.
|
Personal data
|
Any
information relating to an identified or identifiable natural person.
|
Personal Data Protection Authority
|
It refers
to the Personal Data Protection Authority.
|
Personal Data of Special Nature
|
It refers
to the race, ethnic origin, political opinion, philosophical belief,
religion, sect or other beliefs, clothing, membership of associations,
foundations or trade unions, health, sexual life, criminal convictions and
data on security measures, and biometric and genetic data.
|
Periodic Destruction
|
In the
event that all of the conditions for the processing of personal data in the
KVK Law disappear, it refers to the deletion, destruction or anonymization
process specified in the personal data retention policy and to be carried out
ex officio at recurring intervals.
|
Company Representative
|
It refers
to the Company Administrator and other authorized natural persons.
|
Suppliers and Service Providers
|
The
Company refers to the parties who provide products or services to the Company
on a contractual basis or without any contractual relationship in accordance
with the Company's orders and instructions in the course of carrying out its
business activities.
|
Third party
|
It refers
to natural persons whose personal data are processed under the Policy, which
are not otherwise defined under the Policy.
|
Data Processor
|
It refers
to the natural and legal person who processes personal data on behalf of the
data controller on the basis of the authority given by him.
|
Data Controller
|
It refers
to the natural or legal person who determines the purposes and means of
processing personal data and is responsible for the establishment and
management of the place where the data is kept in a systematic
manner (data
recording system).
|
Visitor
|
It refers
to natural persons who have entered the physical premises owned by the
Company for various purposes.
|
During the processing of personal data, the Company complies with Article
20 of the Constitution and Article 4 of the Law. In accordance with the law and
good faith rules in line with the article, accurate and up-to-date when
necessary; pursuing specific, explicit and legitimate aims; It carries out
personal data processing activities in a manner that is related to the purpose,
limited and measured. The Company retains personal data for the period
stipulated by law or required by the purpose of processing personal data.
The Company informs the relevant persons in accordance with Article 20 of
the Constitution and Article 10 of the Law and provides the necessary
information in case they request information in accordance with Article 11 of
the Law. The Company acts in accordance with the regulations stipulated for the
processing of sensitive personal data in accordance with Article 6 of the Law.
In accordance with Articles 8 and 9 of the Law, it acts in accordance with the
regulations stipulated in the law and set forth by the Personal Data Protection
Authority regarding the transfer of personal data.
The Company processes personal data based on one or more of the conditions
in Article 5 of the Law or Article 6 of the Law regarding the processing of
personal data.
In accordance with the regulations in the Law, personal data act in
accordance with the legal regulations and the general rule of trust and
honesty. In this context, the requirements of proportionality in the processing
of personal data are taken into consideration and the personal data is not used
except as required by the purpose.
The Company ensures that the personal data it processes through the systems
and communication channels it uses within the data processing processes are
accurate and up-to-date. It takes the necessary measures in this direction.
The Company processes personal data for specific and legitimate purposes
within the scope of the operations it carries out within its structure. The
clarification texts it has prepared, explicit consent texts and policies
clearly state the purposes of data processing.
The Company processes personal data in a manner conducive to the
achievement of the specified purposes and avoids the processing of personal
data that is not relevant or not needed for the realization of the purpose. For
example, personal data processing activities are not carried out to meet the
needs that may arise later.
The Company retains personal data only for the period specified in the
relevant legislation or necessary for the purpose for which they are processed.
In this context, it first determines whether a period is foreseen for the
storage of personal data in the relevant legislation, acts in accordance with
this period if a period is determined, and if a period is not determined, it
stores the personal data for the period required for the purpose for which they
are processed. In the event that the period expires or the reasons requiring
processing disappear, the personal data are deleted, destroyed or anonymized
automatically or periodically by the Company.
The protection of personal data is a constitutional right. Fundamental
rights and freedoms, without prejudice to their essence, may be restricted only
by law and only on the basis of the reasons specified in the relevant articles
of the Constitution. In accordance with the third paragraph of Article 20 of
the Constitution, personal data can only be processed in the cases stipulated
in the law or with the explicit consent of the person. In this direction and in
accordance with the Constitution, the Company shall; It processes personal data
only in the cases stipulated by the law or with the explicit consent of the
person.
In accordance with Article 10 of the Law, the Company enlightens the
relevant persons during the acquisition of personal data. In this context, the
Company provides information about the identity of its representative, if any,
the purpose for which the personal data will be processed, to whom and for what
purpose the processed personal data can be transferred, the method and legal
reason of collecting personal data and the rights of the personal data owner.
Article 20 of the Constitution establishes that everyone has the right to
be informed about the personal data concerning him/her. Accordingly, in Article
11 of the Law, "requesting information" is also counted among the
rights of the personal data owner. In this context, the Company provides the
necessary information in case the relevant person requests information in accordance
with Articles 20 of the Constitution and 11 of the Law.
In the processing of personal data determined by the Company as "of
special nature" by the Law, it acts sensitively in accordance with the
regulations stipulated in the KVK Law.
In Article 6 of the Law, a number of personal data that carry the risk of
causing victimization or discrimination of persons when processed unlawfully
are determined as "special quality". These data are; race, ethnic
origin, political opinion, philosophical belief, religion, sect or other
beliefs, clothing and clothing, membership of associations, foundations or
trade unions, health, sexual life, criminal convictions and data on security
measures, and biometric and genetic data.
In accordance
with the Law, personal data of special nature are processed by the Company in
the following cases, provided that adequate measures are taken to be determined
by the KVK Board:
· If the personal data owner has explicit consent, or
· If there is no explicit consent of the personal data owner;
· Personal data of special nature other than the health and sexual life of
the personal data owner, in the cases stipulated in the laws,
· The personal data of special nature related to the health and sexual life
of the personal data owner are processed only by the persons or authorized
institutions and organizations under the obligation of confidentiality for the
purpose of protecting public health, conducting preventive medicine, medical
diagnosis, treatment and care services, planning and management of health
services and their financing.
The Company may transfer the personal data and special quality personal
data of the personal data owner to third parties by taking the necessary
security measures included in this Policy in line with the personal data
processing purposes in accordance with the law. Accordingly, the Company acts
in accordance with the regulations stipulated in Article 8 of the Law. In cases
where personal data is transferred, data protection and transfer contracts are
signed with the real or legal persons to whom the transfer is made, and the
contracts contain provisions regarding the protection of data.
The Company
may transfer personal data to third parties based on and limited to one or more
of the personal data processing conditions specified in Article 5 of the Law
listed below by creating the necessary confidentiality conditions and taking
security measures in line with the legitimate and lawful personal data
processing purposes:
·
If the personal data
owner has explicit consent,
·
If there is a clear
regulation in the laws regarding the transfer of personal data,
·
If it is mandatory
for the protection of the life or bodily integrity of the personal data owner
or someone else and the personal data owner is unable to disclose his consent
due to actual impossibility or if the legal validity of his consent is not
recognized;
·
If it is necessary to
transfer the personal data of the parties to the contract, provided that it is
directly related to the establishment or performance of a contract,
·
If the transfer of
personal data is mandatory for the Company to fulfill its legal obligation,
·
If the personal data
has been made public by the personal data owner,
·
If the transfer of
personal data is mandatory for the establishment, exercise or protection of a
right,
·
Provided that it does
not harm the fundamental rights and freedoms of the personal data owner, it is
possible to transfer personal data if it is compulsory for the legitimate
interests of the Company.
The Company shall take the necessary diligence, take the necessary security
measures and take the adequate measures prescribed by the KVK Board; In line
with the legitimate and lawful personal data processing purposes, the personal
data of the personal data owner of special nature may be transferred to third
parties in the following cases.
·
If the personal data
owner has explicit consent, or
·
If there is no
explicit consent of the personal data owner;
· Personal data of special nature other than the health and sexual life of
the personal data owner (race, ethnic origin, political opinion, philosophical
belief, religion, sect or other beliefs, clothing and clothing, association,
foundation or union membership, data on criminal convictions and security
measures, and biometric and genetic data), in the cases stipulated in the laws,
· Personal data of special nature related to the health and sexual life of
the personal data owner can only be processed by persons or authorized
institutions and organizations under the obligation of confidentiality for the
purpose of protecting public health, conducting preventive medicine, medical
diagnosis, treatment and care services, planning and management of health
services and their financing.
The Company informs the personal data owner which personal data groups
process which personal data within the scope of the disclosure obligation in
accordance with Article 10 of the Law, the purposes of processing the personal
data of the personal data owner and the retention periods.
Before the Company; In line with the legitimate and lawful personal data
processing purposes of the Company, based on and limited to one or more of the
personal data processing conditions specified in Article 5 of the Law, in
accordance with the general principles specified in the Law, especially the
principles specified in Article 4 regarding the processing of personal data,
and all the obligations set forth in the Law, and limited to the groups of
persons within the scope of this Policy, the following categories of personal
data, In accordance with Article 10 of
the Law, the relevant persons are processed by informing them.
Categories of
Personal Data |
Personal Data
Categorization Explained |
Criminal convictions and security measures |
It refers to any document containing data
on Criminal Convictions and Security Measures applied to natural persons,
such as criminal records. |
Other |
is clearly belonging to an identified or
identifiable natural person; The data processed in a partially or fully
automated manner or in a non-automated manner as part of the data recording
system includes military status, interests, motor vehicle driving licence
information, motor vehicle license plate, application evaluation information,
application information, travel, entry and exit information, etc. |
Finance |
is clearly belonging to an identified or
identifiable natural person; processed in a partially or fully automated
manner or in a non-automated manner as part of a data recording system; The
personal data processed regarding the information, documents and records
showing all kinds of financial results created according to the type of legal
relationship established by our Company with the personal data owner and
information such as bank account number, IBAN number |
Physical Space Security |
is clearly belonging to an identified or
identifiable natural person; processed in a partially or fully automated
manner or in a non-automated manner as part of a data recording system;
personal data relating to the records and documents taken at the entrance to
the physical space and during the stay in the physical space; information
such as camera recordings, audio and video recordings and recordings taken at
the security point, entry time information |
Audio/Visual Data |
is clearly belonging to an identified or identifiable
natural person; personal data such as photographs and camera recordings,
voice recordings and data contained in documents that are copies of documents
containing personal data, photographs shared on social media |
Legal Action |
Data such as the determination and
follow-up of the Company's legal receivables and rights, the performance of
its debts and the litigation and enforcement file information processed
within the scope of its legal obligations |
Communication |
is clearly belonging to an identified or
identifiable natural person; processed in a partially or fully automated
manner or in a non-automated manner as part of a data recording system;
information such as telephone number, address, e-mail address, fax number |
Transaction Security |
Personal data such as log records, computer
user name and password information, website log-out information, IP address
information processed regarding the technical, administrative, legal and
commercial security of both the relevant person and the Company while
carrying out the activities of the Company |
Identity |
is clearly belonging to an identified or
identifiable natural person; processed in a partially or fully automated
manner or in a non-automated manner as part of a data recording system; are
the data containing information about the identity of the person, name-surname,
T.R. identity number, nationality information, mother's name and father's
name, place of birth, date of birth, gender including information such as
driver's license, identity card and passport documents and information such
as tax number |
Professional Experience |
is clearly belonging to an identified or
identifiable natural person; processed in a partially or fully automated
manner or in a non-automated manner as part of a data recording system; Data
on professional experience in the resume Education status, graduation date,
resume, course information, certificate information, last graduated school,
specialization information |
Customer Transaction |
is clearly belonging to an identified or
identifiable natural person; processed in a partially or fully automated
manner or in a non-automated manner as part of a data recording system; data
such as invoice information, payment amount |
Personnel
File |
is clearly belonging to an identified or identifiable
natural person; processed in a partially or fully automated manner or in a
non-automated manner as part of a data recording system; Personal data
such as SGK number, payroll information, entry-exit time records, SGK service
breakdown processed for
the purpose of establishing the personal rights of real persons who are in a
working relationship with the Company and obtaining information that will
form the basis for the functioning of the Company's Human Resources functions |
Health |
is clearly belonging to an identified or
identifiable natural person; processed in a partially or fully automated
manner or in a non-automated manner as part of a data recording system; The
data specified in Article 6 of the Law are health data, including blood type,
personal data such as treatment history |
Employee
|
||
Data Category
|
Processed Data
|
Purposes of Processing Personal Data
|
v Criminal convictions and security
measures
|
v Criminal Record
|
v Execution of Information Security Processes v Execution of Employee Card Removal Processes v Execution of employee satisfaction and loyalty
processes v Fulfillment of Obligations Arising from the Employment
Contract and Legislation for Employees v Execution of Employee Benefits and Benefits Processes v Conducting Audit / Ethics Activities v Enforcement of Access Authorizations v Conducting Activities in Accordance with the
Legislation v Execution of Finance and Accounting Affairs v Execution of Loyalty Processes to Company / Product /
Services v Ensuring Physical Space Security v Execution of Assignment Processes v Follow-up and Execution of Legal Affairs v Internal Audit / Investigation / Conducting
Intelligence Activities v Conducting Communication Activities v Planning of Human Resources Processes v Execution / Supervision of Business Activities v Carrying out Occupational Health / Safety Activities v Carrying out Business Continuity Ensuring Activities v Creation of User Accounts v Execution of Goods / Services Purchasing Processes v Execution of Goods / Services Sales Processes v Execution of goods / services production and operation
processes v Execution of Customer Relationship Management Processes v Carrying out Activities for Customer Satisfaction v Conducting Marketing Analysis Studies v Execution of Risk Management Processes v Carrying out storage and archive activities v Execution of Contract Processes v Execution of Remuneration Policy v Execution of Marketing Processes of Products / Services v Ensuring the Security of Data Controller Operations v Conducting Talent / Career Development Activities v Providing information to authorized persons,
institutions and organizations v Execution of Management Activities |
v Other - Military
|
v Military Status (Whether or Not He
Has Done Military Service)
|
|
v Other – Clothing Size
|
v Clothing size
|
|
v Other - Hobbies and Interests
|
v Hobby information stated on the job
application form
|
|
v Other - Signature Data
|
v Signature data of the person
|
|
v Other – Training Data
|
v Schools, certifications, etc. where the
person has studied .
|
|
v Finance
|
v Bank Name
v Bank Account Number
v IBAN number
v Salary Information
v Payment Amount
|
|
v Physical Space Security
|
v Check-out Time
v Check-in Time
v Security Camera Recording
|
|
v Visual Recordings
|
v Photograph
|
|
v Legal Action
|
v Litigation and enforcement file
information
|
|
v Communication
|
v Street Address Information
v E-Mail Address
v Telephone number
|
|
v Transaction Security
|
v Computer user name and password
information
v IP address information
|
|
v Identity
|
v Name
v Mother's name
v Father's name
v Gender
v Date of birth
v Place of birth
v Driver's License Image
v Signature
v Identity Image
v Identification Number
v Motor Vehicle Driving License
Information
v Identity Card family ordinal number
v Identity Card serial number
v Identity Card sequence no
v Population Registered Place
v Surname
v Nationality
|
|
v Professional Experience
|
v Computer Usage Information
v Diploma
v Course Information
v Vocational Training
v Name of the school and department
graduated from
v Graduation grade
v Graduation date
v Education
v Certificate Information
v Transcript Information
v Foreign Language Knowledge
|
|
v Personnel
File
|
v Payroll Information
v Task
v Employment Contract Information
v İŞKUR Registration Date
v Permission Information
v Profession
v Profession Code
v Resume
v SSI Service Breakdown
v Social Security / Pension
Information(SSI Login)
v SSK Registration Number
|
|
v Health
|
v Disability Status (whether disabled)
v Disease
v Employment Periodic Inspection Form
v Blood Group Information
v Work Accident History
v Surgery History Medical Report
|
Employee Candidate
|
||
Data Category
|
Processed Data
|
Purposes of Processing Personal Data
|
v Criminal convictions and security
measures
|
v Conviction Status
|
vExecution of Employee Candidate / Intern / Student
Selection and Placement Processes vExecution of Application Processes of Employee
Candidates vConducting Communication Activities vPlanning of Human Resources Processes vExecution / Supervision of Business Activities vReceiving and Evaluating Suggestions for Improving
Business Processes vConducting Talent / Career Development Activities vCarrying out Business Continuity Ensuring Activities |
v Other - Military
|
v Military Status (Whether or Not He
Has Done Military Service)
v If Military Service Has Not Been
Performed, The Reason
|
|
v Other - Areas of Interest
|
v Interests
|
|
v Other – Training Data
|
v Schools, certifications, etc. where the
person has studied .
|
|
v Other – Motor Vehicle Licence
Information
|
v Driver's License Data
|
|
v Visual Recordings
|
v Photograph
|
|
v Physical Space Security
|
v Check-out Time
v Check-in Time
v Security Camera Recording
|
|
v Communication
|
v E-Mail Address
v Telephone number
|
|
v Identity
|
v Name
v Gender
v Date of birth
v Marital Status
v Motor Vehicle Driving License
Information
v Surname
|
|
v Professional Experience
|
v Computer Usage Information
v Diploma
v Work Experience
v Course Information
v Profession
v Vocational Training
v Name of the school and department
graduated from
v Graduation grade
v Graduation date
v Education
v Previous Position
v Previous Workplace Name
v Working Time at Previous Workplace
v Resume
v Certificate Information
v Foreign Language Knowledge
|
|
v Health
|
v Disability Status (whether disabled)
v Disease Information
v Work Accident History
v Blood Group Information
|
Employee Candidate Reference
|
||
Data Category
|
Processed Data
|
Purposes of Processing Personal Data
|
v Communication
|
v E-Mail Address
v Telephone number
|
v
Execution
of Employee Candidate / Intern / Student Selection and Placement Processes v
Execution
of Application Processes of Employee Candidates v
Planning
of Human Resources Processes v
Execution
/ Supervision of Business Activities v
Receiving
and Evaluating Suggestions for Improving Business Processes v
Carrying
out Business Continuity Ensuring Activities v
Conducting
Talent / Career Development Activities v Conducting Communication Activities |
v Identity
|
v Name
v Surname
|
|
v Personnel
File
|
v Workplace
v Profession
|
Shareholder(s)
|
||
Data Category
|
Processed Data
|
Purposes of Processing Personal Data
|
v Identity
|
v Name
v Surname
v Signature
v Identification number
v Identification Serial Number
v Identity Image
|
vConducting Activities in Accordance with the Legislation vExecution / Supervision of Business Activities vExecution of Contract Processes vProviding information to authorized persons,
institutions and organizations vExecution of Management Activities vExecution of Investment Processes vCarrying out Business Continuity Ensuring Activities |
v Communication
|
v E-Mail Address
v Telephone number
v Residential Address
|
|
v Legal Action
|
v Litigation and enforcement file
information
|
|
v Other – Partnership Information
|
v Share Amount
v Capital Information
|
|
v Physical Space Security
|
v Check-out Time
v Check-in Time
v Security Camera Recording
|
|
v Finance
|
v IBAN Number
v Bank Account Number
v Payment Amount
v Bank Name
v Payment Description
|
|
v Visual Recordings
|
v Photograph
|
|
v Other - Signature Data
|
v Signature data of the person
|
|
v Health
|
v Disability Status (whether disabled)
v Blood group information
v Surgery History
v Disease Information (Health Report)
|
|
Service Provider
|
||
Data Category
|
Processed Data
|
Purposes of Processing Personal Data
|
v Finance
|
v Bank Name
v Bank Account Number
v IBAN number
|
v Conducting Audit / Ethics Activities v Conducting Activities in Accordance with the
Legislation v Execution of Finance and Accounting Affairs v Execution of Loyalty Processes to Company / Product /
Services v Follow-up and Execution of Legal Affairs v Internal Audit / Investigation / Conducting Intelligence
Activities v Conducting Communication Activities v Conducting Business Activities v Execution / Supervision of Business Activities v Execution of Logistics Activities v Execution of Goods / Services Purchasing Processes v Execution of Goods / Services After-Sales Support
Services v Execution of Goods / Services Sales Processes v Execution of goods / services production and operation
processes v Execution of Customer Relationship Management Processes v Carrying out Activities for Customer Satisfaction v Carrying out storage and archive activities v Execution of Contract Processes v Execution of Supply Chain Management Processes v Execution of Remuneration Policy v Execution of Marketing Processes of Products / Services v Providing information to authorized persons,
institutions and organizations v Execution of Management Activities |
v Legal Action
|
v Litigation and enforcement file
information
|
|
v Communication
|
v Street Address Information
v Address
v E-Mail Address
v Telephone number
|
|
v Identity
|
v Name- Surname
v Identification Number
|
|
v Other - Signature Data
|
v Signature data of the person
|
|
v Physical Space Security
|
v Check-out Time
v Check-in Time
v Security Camera Recording
|
Service Provider Employee
|
||
Data Category
|
Processed Data
|
Purposes of Processing Personal Data
|
v Identity
|
v Surname
v Name
v Signature
|
v
Conducting
Audit / Ethics Activities v
Conducting
Activities in Accordance with the Legislation v
Execution
of Finance and Accounting Affairs v
Execution
of Logistics Activities v
Conducting
Communication Activities v
Conducting
Business Activities v
Execution
of Goods / Services Purchasing Processes v
Execution
of Goods / Services After-Sales Support Services v
Execution
of Contract Processes v
Execution
of Supply Chain Management Processes v
Execution
of Remuneration Policy v
Execution
of Marketing Processes of Products / Services v Providing information to authorized persons,
institutions and organizations v Execution of Management Activities |
v Communication
|
v E-Mail Address
v Telephone number
|
|
v Other - Signature Data
|
v Signature data of the person
|
|
v Physical Space Security
|
v Check-out Time
v Check-in Time
v Security Camera Recording
|
|
Potential Product or Service Buyer
|
||
Data Category
|
Processed Data
|
Purposes of Processing Personal Data
|
v Physical Space Security
|
v Check-out Time
v Check-in Time
v Security Camera Recording
|
vExecution of Loyalty Processes to Company / Product /
Services vExecution of Assignment Processes vConducting Communication Activities vExecution / Supervision of Business Activities vCarrying out Business Continuity Ensuring Activities vExecution of Goods / Services Sales Processes vExecution of Customer Relationship Management Processes vConducting Marketing Analysis Studies vExecution of Contract Processes vExecution of Management Activities |
v Identity
|
v Name
v Surname
|
v
Intern
|
||
v
Data
Category
|
v
Processed
Data
|
v
Purposes
of Processing Personal Data
|
v Communication
|
v E-Mail Address
v Telephone number
|
vFulfillment of Obligations Arising from the Employment
Contract and Legislation for Employees vConducting Activities in Accordance with the
Legislation vEnsuring Physical Space Security vPlanning of Human Resources Processes vCarrying out storage and archive activities vExecution of Contract Processes vProviding information to authorized persons,
institutions and organizations vExecution of Management Activities vConducting Talent / Career Development Activities |
v Identity
|
v Name
v Signature
v Identification Number
v Student Number
v Surname
|
|
v Physical Space Security
|
v Check-out Time
v Check-in Time
v Security Camera Recording
|
|
v Finance
|
v Bank Name
v Bank Account Number
v IBAN number
v Payment Amount
|
Supplier
|
||
Data Category
|
Processed Data
|
Purposes of Processing Personal Data
|
v Other - Signature Data
|
v Signature data of the person
|
vConducting Audit / Ethics Activities vConducting Activities in Accordance with the
Legislation vExecution of Finance and Accounting Affairs vExecution of Loyalty Processes to Company / Product /
Services vFollow-up and Execution of Legal Affairs vInternal Audit / Investigation / Conducting
Intelligence Activities vConducting Communication Activities vConducting Business Activities vExecution / Supervision of Business Activities vExecution of Logistics Activities vExecution of Goods / Services Purchasing Processes vExecution of Goods / Services After-Sales Support
Services vExecution of Goods / Services Sales Processes vExecution of goods / services production and operation
processes vExecution of Customer Relationship Management Processes vCarrying out Activities for Customer Satisfaction vCarrying out storage and archive activities vExecution of Contract Processes vExecution of Supply Chain Management Processes vExecution of Remuneration Policy vExecution of Marketing Processes of Products / Services vProviding information to authorized persons,
institutions and organizations vExecution of Management Activities |
v Finance
|
v Bank Name
v Bank Account Number
v Iban Number
v Payment Amount
|
|
v Legal Action
|
v Litigation and Enforcement File
Information
|
|
v Communication
|
v Street Address Information
v E-Mail Address
v Telephone number
|
|
v Identity
|
v Name
v Signature
v Registered Tax Office
v Identification Number
v Surname
v Tax Identification Number
|
|
v Physical Space Security
|
v Check-out Time
v Check-in Time
v Security Camera Recording
|
Supplier Employee
|
||
Data Category
|
Processed Data
|
Purposes of Processing Personal Data
|
v Other - Signature Data
|
v Signature data of the person
|
vConducting Audit / Ethics Activities vConducting Activities in Accordance with the
Legislation vExecution of Finance and Accounting Affairs v Execution of Logistics Activities vConducting Communication Activities vConducting Business Activities vExecution of Goods / Services Purchasing Processes vExecution of Goods / Services After-Sales Support
Services vExecution of Contract Processes vExecution of Supply Chain Management Processes vExecution of Remuneration Policy vExecution of Marketing Processes of Products / Services vProviding information to authorized persons,
institutions and organizations vExecution of Management Activities |
v Communication
|
v E-Mail Address
v Phone Number
|
|
v Identity
|
v Name
v Surname
|
|
v Legal Action
|
v Litigation and Enforcement File
Information
|
|
v Physical Space Security
|
v Check-out Time
v Check-in Time
v Security Camera Recording
|
|
v Finance
|
v Bank Name
v Bank Account Number
v Iban Number
v Payment Amount
|
|
Product or Service Recipient
|
||
Data Category
|
Processed Data
|
Purposes of Processing Personal Data
|
v Communication
|
v Street Address Information
v E-Mail Address
v Telephone number
|
vConducting Activities in Accordance with the
Legislation vExecution of Finance and Accounting Affairs vExecution of Loyalty Processes to Company / Product /
Services vFollow-up and Execution of Legal Affairs vInternal Audit / Investigation / Conducting
Intelligence Activities vExecution / Supervision of Business Activities vExecution of Goods / Services Purchasing Processes vExecution of Goods / Services Sales Processes vExecution of goods / services production and operation
processes vExecution of Customer Relationship Management Processes vCarrying out Activities for Customer Satisfaction vCarrying out storage and archive activities vExecution of Contract Processes vExecution of Remuneration Policy vExecution of Marketing Processes of Products / Services vProviding information to authorized persons,
institutions and organizations vExecution of Management Activities |
v Identity
|
v Surname
v Name
v Identification Number
v Tax Identification Number
v Tax Office
v Signature
|
|
v Finance
|
v Bank Name
v Bank Account Number
v IBAN number
v Payment Amount
v Payment Description
|
|
v Customer Transaction
|
v Billing Information
v Payment Amount
|
|
v Physical Space Security
|
v Check-out Time
v Check-in Time
v Security Camera Recording
|
Visitor
|
||
Data Category
|
Processed Data
|
v
Purposes
of Processing Personal Data
|
v Identity
|
v Name
v Surname
|
vConducting Activities in Accordance with the
Legislation vExecution of Loyalty Processes to Company / Product /
Services vFollow-up and Execution of Legal Affairs vInternal Audit / Investigation / Conducting
Intelligence Activities vExecution / Supervision of Business Activities vExecution of Goods / Services Purchasing Processes vExecution of Goods / Services Sales Processes vExecution of goods / services production and operation
processes vExecution of Customer Relationship Management Processes vCarrying out Activities for Customer Satisfaction vCarrying out storage and archive activities vExecution of Contract Processes vExecution of Remuneration Policy vExecution of Marketing Processes of Products / Services vProviding information to authorized persons,
institutions and organizations vExecution of Management Activities |
v Personnel File
|
v Institution Information
|
|
v
Other
- Motor Vehicle Data
|
v Vehicle Information
v
Vehicle
License Plate
|
|
v
Physical
Space Security
|
v Check-out Time
v Check-in Time
v Security Camera Recording
|
|
The Company
processes personal data limited to the purposes and conditions within the
personal data processing conditions specified in Article 5, paragraph 2 and
Article 6, paragraph 3 of the Law. These purposes and conditions are;
ü
You have given your
explicit consent to the processing of your personal data
ü
The processing of
your personal data by the Company is directly related to and necessary for the
conclusion or performance of a contract
ü
Provided that your
personal data has been made public by you; processing of you by the Company in
a limited manner for the purpose of publicization
ü
The processing of
your personal data by the Company is mandatory for the establishment, exercise
or protection of the rights of our Company or you or third parties
ü
Provided that it does
not harm your fundamental rights and freedoms, it is mandatory to carry out
personal data processing activities for the legitimate interests of our
Company,
ü
In terms of the
personal data of special nature related to the health and sexual life of the
personal data owner, it is the processing of the persons under the obligation
of confidentiality or by the authorized institutions and organizations for the
purpose of protecting public health, conducting preventive medicine, medical
diagnosis, treatment and care services, planning and management of health
services and their financing.
If stipulated in the relevant laws and regulations, the Company keeps the
personal data for the period specified in these legislations. If a period of
time is not regulated in the legislation regarding how long the personal data
should be stored, the Personal Data is processed for the period that requires
the processing in accordance with the practices of the Company and the
practices of the commercial life depending on the activity carried out by the
Company while processing the data, and then deleted, destroyed or anonymized.
The purpose of processing personal data has ended; if the retention periods
determined by the relevant legislation and the Company have also come to an
end; Personal data can only be stored for the purpose of constituting evidence
in possible legal disputes or asserting the relevant right related to personal
data or establishing a defense. In the establishment of the periods herein, the
retention periods are determined on the basis of the time-out periods for the
assertion of the aforementioned right and the examples of the requests
previously made to the Company on the same issues despite the expiration of the
time-out periods. In this case, the stored personal data is not accessed for
any other purpose and access to the relevant personal data is provided only
when it is necessary to use it in the relevant legal dispute. After the expiry
of the aforementioned period, personal data are deleted, destroyed or
anonymized.
DATA CATEGORY
|
DATA RETENTION PERIOD (maximum) |
Criminal
convictions and security measures |
10 years
from the Termination of the Legal Relationship |
Other - Military Service |
1 year from
the Termination of the Legal Relationship |
Other - Areas of Interest |
1 year from
the Termination of the Legal Relationship |
Other - Driver's License |
10 Years
from the Termination of the Legal Relationship |
Other - Signature |
10 Years
from the Termination of the Legal Relationship |
Other – Clothing Size Information |
1 year from
the Termination of the Legal Relationship |
Finance |
10 Years
from the Termination of the Legal Relationship |
Physical Space Security |
2 Months
from the Termination of the Legal Relationship |
Visual Recordings |
10 Years
from the Termination of the Legal Relationship |
Legal Action |
10 Years
from the Termination of the Legal Relationship |
Communication |
10 years
from the Termination of the Legal Relationship |
Transaction Security |
10 years
from the Termination of the Legal Relationship |
Identity |
15 Years
from the Termination of the Legal Relationship |
Professional Experience |
10 Years
from the Termination of the Legal Relationship |
Customer Transaction |
10 Years
from the Termination of the Legal Relationship |
Aslam |
10 years
from the Termination of the Legal Relationship |
Health |
10 Years
from the Termination of the Legal Relationship |
In accordance with
Article 10 of the Law, the Company notifies the personal data owner of the
groups of persons to whom the personal data are transferred. In accordance with
Article 8 of the Company's Law, the personal data of the data owners managed by
the Policy may be transferred to the following categories of persons:
·
To the company
officials,
·
To legally authorized
public institutions and organizations,
·
With legally
authorized private law persons
The scope of the above-mentioned persons to whom the transfer is made and
the purposes of data transfer are stated below.
Persons to whom data can be transferred |
Definition |
Purpose of Data Transfer |
Legally Authorized Public Institutions and
Organizations |
Public institutions and organizations authorized to receive information
and documents from the Company in accordance with the provisions of the
relevant legislation (Ministry) |
Limited to the purpose requested by the relevant public institutions and
organizations within the scope of their legal authority |
Real Persons or Private Law Legal Entities |
Private law persons authorized to receive information and documents from
the Company in accordance with the provisions of the relevant legislation
(Independent Audit, Product or Service Recipient, OHS, Banks, Accounting
Systems, E-Archive Invoice Service Providers) |
It can be transferred limited to the purpose requested by the relevant
private law legal entities within the scope of their legal authority in
accordance with the provisions of the legislation. |
To Company Officials |
Persons who have management and supervisory authority within the company |
Data transfer can be made to the Company authorities in order to ensure
business continuity by carrying out the company's management and audit
processes. |
The Company enlightens the personal data owner about the personal data it
processes in accordance with Article 10 of the Law.
The explicit consent of the personal data owner is only one of the legal
bases that make it possible to process personal data in accordance with the
law. Apart from explicit consent, personal data may also be processed in the
presence of one of the other conditions written below. The basis of the
personal data processing activity may be only one of the following conditions,
or more than one of these conditions may be the basis of the same personal data
processing activity. In the event that the processed data is personal data of
special nature; The terms set out in heading 5.1.2. below under this section
apply.
Although the legal bases for the processing of personal data by our Company
vary, all kinds of personal data processing activities are acted in accordance
with the general principles specified in Article 4 of the Law.
One of the conditions for the processing of personal data is the explicit
consent of the owner. The explicit consent of the personal data owner should be
disclosed on a specific subject, based on information and with free will.
For personal data processing activities other than the purpose of
processing (primary processing) for the reasons for obtaining personal data
(secondary processing), at least one of the conditions set out in b, c, d, e,
f, g and h of this title is sought; If one of these conditions is not present,
these personal data processing activities are carried out by the Company based
on the explicit consent of the personal data owner for these processing
activities.
In order to process the personal data depending on the explicit consent of
the personal data owner, the explicit consent of the relevant persons is
obtained with the relevant methods.
The personal data of the data owner may be processed in accordance with the
law if it is explicitly stipulated in the law.
The personal data of the data owner may be processed if it is mandatory to
process the personal data in order to protect the life or body integrity of the
person who is unable to explain his/her consent due to actual impossibility or
whose consent cannot be recognized as valid.
Provided that it is directly related to the establishment / performance of
a contract, it is possible to process personal data if it is necessary to
process the personal data of the parties to the contract. Data such as name and
surname, which are indispensable elements of the contract, can be shown as
examples.
The personal data of the data owner may be processed if the processing is
mandatory for the Company to fulfill its legal obligations as the data
controller. The data that the Company is obliged to process by law can be shown
as an example.
If the personal data of the data owner has been made public by him/herself,
the relevant personal data may be processed.
If data processing is mandatory for the establishment, use or protection of
a right, the personal data of the personal data owner may be processed.
The data data may be processed if the data processing is mandatory for the
legitimate interests of the Company, provided that it does not harm the
fundamental rights and freedoms of the personal data owner. In order to ensure
security, recording with security cameras can be shown as an example.
If the personal data of special nature are not explicitly
consented by the Company, but provided that adequate measures to be determined
by the Personal Data Protection Authority are taken, the personal data of
special nature other than the health and sexual life of the personal data owner
are processed in the cases stipulated in the laws:
ü If the personal data owner has explicit consent, it can be processed.
ü If the personal data owner does not have explicit consent:
·
Personal data of
special nature other than the health and sexual life of the personal data
owner, in the cases stipulated in the laws,
·
The personal data of
special nature related to the health and sexual life of the personal data owner
are processed only by the persons or authorized institutions and organizations
under the obligation of confidentiality for the purpose of protecting public
health, conducting preventive medicine, medical diagnosis, treatment and care
services, planning and management of health services and their financing.
The personal data processing activities carried out by the Company at the
Company's entrances and within the Company are carried out in accordance with
the Constitution, the Law and other relevant legislation. Personal data
processing activities are carried out by the Company in order to ensure
security.
Due to the fact that the data controller has a legitimate interest, your
personal data is processed through security cameras and the data processed for
the purpose of ensuring the security of the physical place are not transferred
abroad.
Although the Company has been processed in accordance with the provisions
of the relevant law as regulated in Article 138 of the Turkish Criminal Code
and Article 7 of the Law, personal data shall be deleted, destroyed or
anonymized in accordance with the Company's own decision or upon the request of
the personal data owner in the event that the reasons requiring the processing
disappear.
In accordance
with Article 12 of the Law, the Company takes the necessary technical and
administrative measures to ensure the appropriate level of security in order to
prevent the unlawful processing of the personal data it processes, to prevent
unlawful access to the data and to ensure the retention of the data, and to
carry out or have the necessary audits carried out in this context.
ü Network security and application security are ensured.
ü Security measures are taken within the scope of information technology
systems supply, development and maintenance.
ü The security of personal data stored in the cloud is ensured.
ü Data processing center (server room) entrances and exits are made with a
combination door system.
ü Up-to-date anti-virus systems are used.
ü Firewalls are used.
ü Extra security measures are taken for personal data transferred via paper
and the relevant documents are sent in confidential document format.
ü User-based random data flow control is carried out.
ü User authorizations are checked monthly.
ü Personal data is backed up and the security of the backed up personal data
is also ensured.
ü Existing risks and threats have been identified
ü Intrusion prevention systems are used.
ü Cyber security measures have been taken and their implementation is
constantly monitored.
ü The security of the personal data stored on the server is ensured.
ü Encryption is performed.
ü The data of special quality persons transferred on portable memory, CD, DVD
media are encrypted and transferred.
ü Data loss prevention software is used.
ü Service providers that process data are periodically audited for data
security.
ü Service providers that process data are made aware of data security.
The Company takes the necessary technical and
administrative measures according to the technological facilities and the cost
of implementation in order to store personal data in secure environments and to
prevent them from being destroyed, lost or altered for unlawful purposes
ü Systems suitable for technological developments are used to store personal
data in secure environments.
ü Backup programs are used in accordance with the law to ensure that personal
data is stored securely.
ü Access to the data is restricted to the environments where personal data
are kept and only authorized persons are allowed to access these data limited
to the purpose of storing the personal data, and the accesses to the data
storage areas where the personal data are located are logged and inappropriate
accesses or access attempts are instantly transmitted to the relevant persons.
The Company carries out the necessary channels, internal functioning,
administrative and technical arrangements in accordance with Article 13 of the
Law in order to evaluate the rights of the relevant persons and to provide the
necessary information to the relevant persons.
In the event
that the relevant persons submit their requests regarding the rights listed
below to the Company in writing, the Company concludes the request free of
charge as soon as possible and not exceeding thirty days according to the
nature of the request. However, if a fee is stipulated by the KVK Board, the
Company may charge the fee in the tariff determined by the Personal Data
Protection Authority. Relevant persons;
· To learn whether personal data is processed or not,
· If their personal data has been processed, to request information about it,
· To learn the purpose of processing personal data and whether they are used
in accordance with their purpose,
· To know the third parties to whom personal data are transferred
domestically or abroad,
· In case the personal data are processed incompletely or incorrectly, to
request their correction and to request that the transaction carried out within
this scope be notified to the third parties to whom the personal data are
transferred,
· Requesting the deletion or destruction of personal data in the event that
the reasons requiring the processing of personal data disappear, even though
they have been processed in accordance with the provisions of the Law and other
relevant laws, and requesting that the transaction carried out within this
scope be notified to the third parties to whom the personal data has been
transferred,
· To object to the occurrence of a result against the person himself by
analyzing the processed data exclusively by means of automatic systems,
· In the event that personal data is damaged due to unlawful processing, they
have the right to request the compensation of the damage and the rights of the
data owners are given more detailed information within the scope of the
following sections of this Policy.
The Company informs itself of the rights of the personal data owner in
accordance with Article 10 of the Law, guides the personal data owner on how to
use these rights, and the Company carries out the necessary channels, internal
functioning, administrative and technical arrangements in accordance with
Article 13 of the Law in order to evaluate the rights of the relevant persons
and to provide the necessary information to the relevant persons
The persons
concerned have the following rights:
· To learn whether personal data is processed or not,
· If their personal data has been processed, to request information about it,
· To learn the purpose of processing personal data and whether they are used
in accordance with their purpose,
· To know the third parties to whom personal data are transferred
domestically or abroad,
· In case the personal data are processed incompletely or incorrectly, to
request their correction and to request that the transaction carried out within
this scope be notified to the third parties to whom the personal data are
transferred,
· Requesting the deletion or destruction of personal data in the event that
the reasons requiring the processing of personal data disappear, even though
they have been processed in accordance with the provisions of the Law and other
relevant laws, and requesting that the transaction carried out within this
scope be notified to the third parties to whom the personal data has been
transferred,
· To object to the occurrence of a result against the person himself by
analyzing the processed data exclusively by means of automatic systems,
· Requesting the compensation of the damage in case the personal data is
damaged due to unlawful processing
Since the
following cases are excluded from the scope of the Law pursuant to Article 28
of the Law, the persons concerned cannot assert their rights listed in 10.1.1.
in these matters:
· Processing of personal data for purposes such as research, planning and
statistics by anonymizing them with official statistics.
· The processing of personal data for artistic, historical, literary or
scientific purposes or within the scope of freedom of expression, provided that
it does not violate national defense, national security, public security,
public order, economic security, privacy of private life or personal rights or
does not constitute a crime.
· Processing of personal data within the scope of preventive, protective and
intelligence activities carried out by public institutions and organizations
mandated and authorized by law in order to ensure national defense, national
security, public security, public order or economic security.
· Processing of personal data by judicial or enforcement authorities in
connection with investigation, prosecution, trial or execution proceedings.
· In accordance with Article 28/2 of the Law; Except for the right to claim
compensation for damages, the persons concerned shall not assert any of the
other rights enumerated in 10.1.1. in the following cases:
· The processing of personal data is necessary for the prevention of crime or
for the investigation of a crime.
· Processing of personal data made public by the personal data owner
himself/herself.
· The processing of personal data is necessary for the execution of
supervisory or regulatory duties and for disciplinary investigation or prosecution
by the authorized and authorized public institutions and organizations and
professional organizations that are public institutions based on the authority
given by the law.
· The processing of personal data is necessary for the protection of the
economic and financial interests of the State in relation to budgetary, tax and
financial matters.
The relevant persons may submit their requests regarding their rights
listed under the heading 10.1.1. of this section with the information and
documents that will identify their identity and by the methods specified below
or by other methods determined by the Personal Data Protection Board at
https://www.deka.com. tr / by filling out the application form available at kvkk@deka.com.tr.
tr / and sending a wet signed copy of it to the address "10038 Sokak No: 1
A.O.S.B / Çiğli /İZMİR" by hand, registered mail with return receipt
requested or via notary public or electronically to the e-mail address kvkk@deka.com.tr
or to the e-mail address of our Company registered at dekayuzey@hs01.kep.tr kep
address.
In order for
third parties to request an application on behalf of the relevant persons,
there must be a special power of attorney issued by the data owner through a
notary public on behalf of the person who will make the application.
In the event
that the personal data owner rejects the application in accordance with Article
14 of the Law, the response given is found to be insufficient or the
application is not responded to in time; It may file a complaint with the KVK
Board within thirty days from the date of learning the Company's reply and
possibly within sixty days from the date of application.
Applications regarding personal data processing activities must be made to
the Company. The Company will respond to the applications submitted to it in
accordance with the contact requests contained in the form. If the application
is made by the relevant person without using the application form, the
application made by the relevant person may be answered by the notary public or
by mail in accordance with the application.
The Company may request information from the relevant person in order to
determine whether the applicant is the personal data owner or not. In order to
clarify the issues included in the application of the personal data owner, the
Company may ask the personal data owner about the application.
The Company
may reject the applicant's application by explaining the reason in the
following cases:
· Processing of personal data for purposes such as research, planning and
statistics by anonymizing them with official statistics.
· The processing of personal data for artistic, historical, literary or
scientific purposes or within the scope of freedom of expression, provided that
it does not violate national defense, national security, public security,
public order, economic security, privacy of private life or personal rights or
does not constitute a crime.
· Processing of personal data within the scope of preventive, protective and
intelligence activities carried out by public institutions and organizations
mandated and authorized by law in order to ensure national defense, national
security, public security, public order or economic security.
· Processing of personal data by judicial or enforcement authorities in
connection with investigation, prosecution, trial or execution proceedings.
· The processing of personal data is necessary for the prevention of crime or
for the investigation of a crime.
· Processing of personal data made public by the personal data owner
himself/herself.
· The processing of personal data is necessary for the execution of
supervisory or regulatory duties and for disciplinary investigation or
prosecution by the authorized and authorized public institutions and
organizations and professional organizations that are public institutions based
on the authority given by the law.
· The processing of personal data is necessary for the protection of the
economic and financial interests of the state.
· The request of the personal data owner is likely to prevent the rights and
freedoms of other persons
· Requests have been made that require disproportionate effort.
· The information requested is public information
Title: Deka Yüzey Teknolojileri Makine İmalat Sanayi ve Ticaret Limited Company
Phone Number: +90 (0232) 328 06 99
Postal Address: 10038 Sokak
No:1 A.O.S.B/ Çiğli/İZMİR
Email address: kvkk@deka.com.tr
Kep address: dekayuzey@hs01.kep.tr