1.        SECTION - Introduction

                   1.1.   Introduction, Purpose and Scope

The Law on the Protection of Personal Data No. 6698 ("Law"), which has been prepared by working for many years within the framework of compliance with the European Union criteria, was published in the Official Gazette dated 07.04.2016 and entered into force. The Law contains regulations in the same direction as the European Union's directive 95 / 46 / EC to a large extent, and with the entry into force of the Law, the protection of the personal data of individuals in a holistic regulation has been taken under legal regulation.

Protection of your personal data, 10038 Sokak No:1 A.O.S.B/ Çiğli/İZMİR Deka Yüzey Teknolojileri Makine İmalat Sanayi ve Ticaret Limited Company ("Company" or "Deka") registered 0273008170600015 with Izmir Trade Registry Directorate with MERSIS number  ("Company" or "Deka") According to the Constitution of the Republic of Turkey, everyone has the right to request the protection of personal data concerning him/her. The protection of personal data is among the priorities of the Company and is governed by this Personal Data Protection and Processing Policy ("Policy"); It pays due attention to the protection of the personal data of employee candidates, Company officials, our visitors, the institutions we cooperate with and their employees, shareholders and officials and third parties.

Within the framework of the principles of superior service quality, respect for the rights of individuals, transparency and honesty adopted by the Company, in line with the new regulations stipulated by the Law, the regulation of the internal functioning of the Company within the scope of the Law, secondary regulations, decisions and regulations of the Personal Data Protection Board and other relevant legislation are among the priority issues of our Company. For this reason, this Policy has been issued and put into effect in order to benefit our customers from the rights brought by the Law and to ensure the compliance process with the Law. In this context, the necessary administrative and technical measures are taken by our Company for the protection of the personal data processed in accordance with the relevant legislation.

With the Policy, in order to ensure that the regulations to be introduced by the Company within the framework of the above-mentioned principles for compliance with the Law are effectively implemented within the Company, by the Company employees and business partners; It is aimed to make explanations about the personal data processing activities carried out by the Company in accordance with the law and the systems adopted for the protection of personal data, to ensure that all kinds of administrative and technical measures are taken in terms of processing and protection of personal data within the operation of the Company, to establish the necessary internal procedures, to determine all necessary trainings to raise awareness, to ensure the establishment of appropriate and effective audit mechanisms by taking all necessary measures for the compliance of employees and business partners with the Law processes.

 

This Policy; It relates to all personal data of employee candidates, Company officials, our visitors, the institutions with which we cooperate and their employees, shareholders and officials and third parties that are processed automatically or by non-automatic means provided that they are part of any data recording system.

 

                   1.2.   Definitions

Explicit Consent

Consent related to a specific subject, based on being informed and explained with free will.

Anonymization of Personal Data

It refers to the fact that personal data cannot be associated with an identified or identifiable real person under any circumstances, even by matching it with other data through techniques such as masking, aggregation, data corruption, etc.

Application Form

It refers to the Application Form for the Applications to be made to the Data Controller by the Relevant Person (Personal Data Owner) in accordance with the Law on the Protection of Personal Data No. 6698, which includes the application to be made by the relevant persons to exercise their rights.

Employee Candidate

It refers to real persons who have applied for a job with the Company in any way or who have opened their resume and related information to the Company's examination.

Employees and Officials of the Institutions We Cooperate With

It refers to real persons working in the institutions with which the Company has any kind of business relationship, including the shareholders and officers of these institutions.

Partner

While carrying out commercial activities with the Company, it refers to the parties with which it establishes business partnerships for purposes such as carrying out various projects and receiving services.

Processing of Personal Data

It refers to any operation performed on personal data such as obtaining, recording, storing, preserving, changing, rearranging, disclosure, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

Contact Person

It refers to the natural person whose personal data is processed.

Deletion of Personal Data

Deletion of personal data; refers to making personal data inaccessible and unreusable for the Relevant Users in any way.

Destruction of Personal Data

It refers to the process of making personal data inaccessible, irretrievable and unreusable by anyone in any way.

Personal data

Any information relating to an identified or identifiable natural person.

Personal Data Protection Authority

It refers to the Personal Data Protection Authority.

Personal Data of Special Nature

It refers to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and data on security measures, and biometric and genetic data.

Periodic Destruction

In the event that all of the conditions for the processing of personal data in the KVK Law disappear, it refers to the deletion, destruction or anonymization process specified in the personal data retention policy and to be carried out ex officio at recurring intervals.

Company Representative

It refers to the Company Administrator and other authorized natural persons.

Suppliers and Service Providers

The Company refers to the parties who provide products or services to the Company on a contractual basis or without any contractual relationship in accordance with the Company's orders and instructions in the course of carrying out its business activities.

Third party

It refers to natural persons whose personal data are processed under the Policy, which are not otherwise defined under the Policy.

Data Processor

It refers to the natural and legal person who processes personal data on behalf of the data controller on the basis of the authority given by him.

Data Controller

It refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the place where the data is kept in a systematic manner (data recording system).

Visitor

It refers to natural persons who have entered the physical premises owned by the Company for various purposes.

 

2.        SECTION – Issues Regarding the Processing of Personal Data

                   2.1.       In General

During the processing of personal data, the Company complies with Article 20 of the Constitution and Article 4 of the Law. In accordance with the law and good faith rules in line with the article, accurate and up-to-date when necessary; pursuing specific, explicit and legitimate aims; It carries out personal data processing activities in a manner that is related to the purpose, limited and measured. The Company retains personal data for the period stipulated by law or required by the purpose of processing personal data.

The Company informs the relevant persons in accordance with Article 20 of the Constitution and Article 10 of the Law and provides the necessary information in case they request information in accordance with Article 11 of the Law. The Company acts in accordance with the regulations stipulated for the processing of sensitive personal data in accordance with Article 6 of the Law. In accordance with Articles 8 and 9 of the Law, it acts in accordance with the regulations stipulated in the law and set forth by the Personal Data Protection Authority regarding the transfer of personal data.

The Company processes personal data based on one or more of the conditions in Article 5 of the Law or Article 6 of the Law regarding the processing of personal data.

2.2.       Processing of Personal Data in Accordance with the Principles Stipulated in the Legislation

2.2.1.      Processing in Accordance with the Law and the Rule of Honesty

In accordance with the regulations in the Law, personal data act in accordance with the legal regulations and the general rule of trust and honesty. In this context, the requirements of proportionality in the processing of personal data are taken into consideration and the personal data is not used except as required by the purpose.

2.2.2.      Ensuring that Personal Data is Accurate and, Where Necessary, Up-to-Date

The Company ensures that the personal data it processes through the systems and communication channels it uses within the data processing processes are accurate and up-to-date. It takes the necessary measures in this direction.

2.2.3.      Processing for Specific, Explicit and Legitimate Purposes

The Company processes personal data for specific and legitimate purposes within the scope of the operations it carries out within its structure. The clarification texts it has prepared, explicit consent texts and policies clearly state the purposes of data processing.

2.2.4.      Being Relevant, Limited and Proportionate to the Purpose for which They Are Processed

The Company processes personal data in a manner conducive to the achievement of the specified purposes and avoids the processing of personal data that is not relevant or not needed for the realization of the purpose. For example, personal data processing activities are not carried out to meet the needs that may arise later.

2.2.5.      Retention for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which They are Processed

The Company retains personal data only for the period specified in the relevant legislation or necessary for the purpose for which they are processed. In this context, it first determines whether a period is foreseen for the storage of personal data in the relevant legislation, acts in accordance with this period if a period is determined, and if a period is not determined, it stores the personal data for the period required for the purpose for which they are processed. In the event that the period expires or the reasons requiring processing disappear, the personal data are deleted, destroyed or anonymized automatically or periodically by the Company.

2.3.       Personal Data, Article 5 of the Law Processing based on and limited to one or more of the Personal Data Processing Terms specified in the Article

The protection of personal data is a constitutional right. Fundamental rights and freedoms, without prejudice to their essence, may be restricted only by law and only on the basis of the reasons specified in the relevant articles of the Constitution. In accordance with the third paragraph of Article 20 of the Constitution, personal data can only be processed in the cases stipulated in the law or with the explicit consent of the person. In this direction and in accordance with the Constitution, the Company shall; It processes personal data only in the cases stipulated by the law or with the explicit consent of the person.

2.4.       Clarification and Informing the Personal Data Owner

In accordance with Article 10 of the Law, the Company enlightens the relevant persons during the acquisition of personal data. In this context, the Company provides information about the identity of its representative, if any, the purpose for which the personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason of collecting personal data and the rights of the personal data owner.

Article 20 of the Constitution establishes that everyone has the right to be informed about the personal data concerning him/her. Accordingly, in Article 11 of the Law, "requesting information" is also counted among the rights of the personal data owner. In this context, the Company provides the necessary information in case the relevant person requests information in accordance with Articles 20 of the Constitution and 11 of the Law.

2.5.       Processing of Personal Data of Special Nature

In the processing of personal data determined by the Company as "of special nature" by the Law, it acts sensitively in accordance with the regulations stipulated in the KVK Law.

In Article 6 of the Law, a number of personal data that carry the risk of causing victimization or discrimination of persons when processed unlawfully are determined as "special quality". These data are; race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing and clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and data on security measures, and biometric and genetic data.

In accordance with the Law, personal data of special nature are processed by the Company in the following cases, provided that adequate measures are taken to be determined by the KVK Board:

·     If the personal data owner has explicit consent, or

·     If there is no explicit consent of the personal data owner;

·     Personal data of special nature other than the health and sexual life of the personal data owner, in the cases stipulated in the laws,

·     The personal data of special nature related to the health and sexual life of the personal data owner are processed only by the persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing.

 

2.6.       Transfer of Personal Data

The Company may transfer the personal data and special quality personal data of the personal data owner to third parties by taking the necessary security measures included in this Policy in line with the personal data processing purposes in accordance with the law. Accordingly, the Company acts in accordance with the regulations stipulated in Article 8 of the Law. In cases where personal data is transferred, data protection and transfer contracts are signed with the real or legal persons to whom the transfer is made, and the contracts contain provisions regarding the protection of data.

2.6.1.      Transfer of Personal Data

The Company may transfer personal data to third parties based on and limited to one or more of the personal data processing conditions specified in Article 5 of the Law listed below by creating the necessary confidentiality conditions and taking security measures in line with the legitimate and lawful personal data processing purposes:

·       If the personal data owner has explicit consent,

·       If there is a clear regulation in the laws regarding the transfer of personal data,

·       If it is mandatory for the protection of the life or bodily integrity of the personal data owner or someone else and the personal data owner is unable to disclose his consent due to actual impossibility or if the legal validity of his consent is not recognized;

·       If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

·       If the transfer of personal data is mandatory for the Company to fulfill its legal obligation,

·       If the personal data has been made public by the personal data owner,

·       If the transfer of personal data is mandatory for the establishment, exercise or protection of a right,

·       Provided that it does not harm the fundamental rights and freedoms of the personal data owner, it is possible to transfer personal data if it is compulsory for the legitimate interests of the Company.

 

2.6.2.      Transfer of Personal Data of Special Nature

The Company shall take the necessary diligence, take the necessary security measures and take the adequate measures prescribed by the KVK Board; In line with the legitimate and lawful personal data processing purposes, the personal data of the personal data owner of special nature may be transferred to third parties in the following cases.

·     If the personal data owner has explicit consent, or

·     If there is no explicit consent of the personal data owner;

·     Personal data of special nature other than the health and sexual life of the personal data owner (race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing and clothing, association, foundation or union membership, data on criminal convictions and security measures, and biometric and genetic data), in the cases stipulated in the laws,

·     Personal data of special nature related to the health and sexual life of the personal data owner can only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing.

 

2.7.       Transfer of Personal Data Abroad

2.7.1.      Transfer of Personal Data Abroad

The company does not make transfers abroad.

2.7.2.      Transfer of Personal Data of Special Nature Abroad

The company does not make transfers abroad.

3.        SECTION – Categorization of Personal Data Processed by the Company, Purposes of Processing and Retention Periods

The Company informs the personal data owner which personal data groups process which personal data within the scope of the disclosure obligation in accordance with Article 10 of the Law, the purposes of processing the personal data of the personal data owner and the retention periods.

3.1.       Categorization of Personal Data

Before the Company; In line with the legitimate and lawful personal data processing purposes of the Company, based on and limited to one or more of the personal data processing conditions specified in Article 5 of the Law, in accordance with the general principles specified in the Law, especially the principles specified in Article 4 regarding the processing of personal data, and all the obligations set forth in the Law, and limited to the groups of persons within the scope of this Policy, the following categories of personal data,  In accordance with Article 10 of the Law, the relevant persons are processed by informing them.

Categories of Personal Data

Personal Data Categorization Explained

Criminal convictions and security measures

It refers to any document containing data on Criminal Convictions and Security Measures applied to natural persons, such as criminal records.

Other

is clearly belonging to an identified or identifiable natural person; The data processed in a partially or fully automated manner or in a non-automated manner as part of the data recording system includes military status, interests, motor vehicle driving licence information, motor vehicle license plate, application evaluation information, application information, travel, entry and exit information, etc.

Finance

is clearly belonging to an identified or identifiable natural person; processed in a partially or fully automated manner or in a non-automated manner as part of a data recording system; The personal data processed regarding the information, documents and records showing all kinds of financial results created according to the type of legal relationship established by our Company with the personal data owner and information such as bank account number, IBAN number

Physical Space Security

is clearly belonging to an identified or identifiable natural person; processed in a partially or fully automated manner or in a non-automated manner as part of a data recording system; personal data relating to the records and documents taken at the entrance to the physical space and during the stay in the physical space; information such as camera recordings, audio and video recordings and recordings taken at the security point, entry time information

Audio/Visual Data

is clearly belonging to an identified or identifiable natural person; personal data such as photographs and camera recordings, voice recordings and data contained in documents that are copies of documents containing personal data, photographs shared on social media

Legal Action

Data such as the determination and follow-up of the Company's legal receivables and rights, the performance of its debts and the litigation and enforcement file information processed within the scope of its legal obligations

Communication

is clearly belonging to an identified or identifiable natural person; processed in a partially or fully automated manner or in a non-automated manner as part of a data recording system; information such as telephone number, address, e-mail address, fax number

Transaction Security

Personal data such as log records, computer user name and password information, website log-out information, IP address information processed regarding the technical, administrative, legal and commercial security of both the relevant person and the Company while carrying out the activities of the Company

Identity

is clearly belonging to an identified or identifiable natural person; processed in a partially or fully automated manner or in a non-automated manner as part of a data recording system; are the data containing information about the identity of the person, name-surname, T.R. identity number, nationality information, mother's name and father's name, place of birth, date of birth, gender including information such as driver's license, identity card and passport documents and information such as tax number

Professional Experience

is clearly belonging to an identified or identifiable natural person; processed in a partially or fully automated manner or in a non-automated manner as part of a data recording system; Data on professional experience in the resume Education status, graduation date, resume, course information, certificate information, last graduated school, specialization information

Customer Transaction

is clearly belonging to an identified or identifiable natural person; processed in a partially or fully automated manner or in a non-automated manner as part of a data recording system; data such as invoice information, payment amount

Personnel File

is clearly belonging to an identified or identifiable natural person; processed in a partially or fully automated manner or in a non-automated manner as part of a data recording system; Personal data such as SGK number, payroll information, entry-exit time records, SGK service breakdown  processed for the purpose of establishing the personal rights of real persons who are in a working relationship with the Company and obtaining information that will form the basis for the functioning of the Company's Human Resources functions

Health

is clearly belonging to an identified or identifiable natural person; processed in a partially or fully automated manner or in a non-automated manner as part of a data recording system; The data specified in Article 6 of the Law are health data, including blood type, personal data such as treatment history

 

3.2.       Purposes of Processing Personal Data

 

Employee

Data Category

Processed Data

Purposes of Processing Personal Data

v Criminal convictions and security measures

v Criminal Record

v Execution of Information Security Processes

v Execution of Employee Card Removal Processes

v Execution of employee satisfaction and loyalty processes

v Fulfillment of Obligations Arising from the Employment Contract and Legislation for Employees

v Execution of Employee Benefits and Benefits Processes

v Conducting Audit / Ethics Activities

v Enforcement of Access Authorizations

v Conducting Activities in Accordance with the Legislation

v Execution of Finance and Accounting Affairs

v Execution of Loyalty Processes to Company / Product / Services

v Ensuring Physical Space Security

v Execution of Assignment Processes

v Follow-up and Execution of Legal Affairs

v Internal Audit / Investigation / Conducting Intelligence Activities

v Conducting Communication Activities

v Planning of Human Resources Processes

v Execution / Supervision of Business Activities

v Carrying out Occupational Health / Safety Activities

v Carrying out Business Continuity Ensuring Activities

v Creation of User Accounts

v Execution of Goods / Services Purchasing Processes

v Execution of Goods / Services Sales Processes

v Execution of goods / services production and operation processes

v Execution of Customer Relationship Management Processes

v Carrying out Activities for Customer Satisfaction

v Conducting Marketing Analysis Studies

v Execution of Risk Management Processes

v Carrying out storage and archive activities

v Execution of Contract Processes

v Execution of Remuneration Policy

v Execution of Marketing Processes of Products / Services

v Ensuring the Security of Data Controller Operations

v Conducting Talent / Career Development Activities

v Providing information to authorized persons, institutions and organizations

v Execution of Management Activities

v Other - Military

v Military Status (Whether or Not He Has Done Military Service)

v Other – Clothing Size

v Clothing size

v Other - Hobbies and Interests

v  Hobby information stated on the job application form

v Other - Signature Data

v Signature   data of the person

v Other – Training Data

v  Schools, certifications,  etc. where the person has studied  .

v Finance

v Bank Name

v Bank Account Number

v IBAN number

v Salary Information

v Payment Amount

v Physical Space Security

v Check-out Time

v Check-in Time

v Security Camera Recording

v Visual Recordings

v Photograph

v Legal Action

v Litigation and enforcement file information

v Communication

v Street Address Information

v E-Mail Address

v Telephone number

v Transaction Security

v Computer user name and password information

v IP address information

v Identity

v Name

v Mother's name

v Father's name

v Gender

v Date of birth

v Place of birth

v Driver's License Image

v Signature

v Identity Image

v Identification Number

v Motor Vehicle Driving License Information

v Identity Card family ordinal number

v Identity Card serial number

v Identity Card sequence no

v Population Registered Place

v Surname

v Nationality

v Professional Experience

v Computer Usage Information

v Diploma

v Course Information

v Vocational Training

v Name of the school and department graduated from

v Graduation grade

v Graduation date

v Education

v Certificate Information

v Transcript Information

v Foreign Language Knowledge

v Personnel File

v Payroll Information

v Task

v Employment Contract Information

v İŞKUR Registration Date

v Permission Information

v Profession

v Profession Code

v Resume

v SSI Service Breakdown

v Social Security / Pension Information(SSI Login)

v SSK Registration Number

v Health

v Disability Status (whether disabled)

v Disease

v Employment Periodic Inspection Form

v Blood Group Information

v  Work Accident History

v Surgery History Medical Report

 

 

Employee Candidate

Data Category

Processed Data

Purposes of Processing Personal Data

v Criminal convictions and security measures

v Conviction Status

vExecution of Employee Candidate / Intern / Student Selection and Placement Processes

vExecution of Application Processes of Employee Candidates

vConducting Communication Activities

vPlanning of Human Resources Processes

vExecution / Supervision of Business Activities

vReceiving and Evaluating Suggestions for Improving Business Processes

vConducting Talent / Career Development Activities

vCarrying out Business Continuity Ensuring Activities

v Other - Military

v Military Status (Whether or Not He Has Done Military Service)

v If Military Service Has Not Been Performed, The Reason

v Other - Areas of Interest

v Interests

v Other – Training Data

v  Schools, certifications,  etc. where the person has studied  .

v Other – Motor Vehicle Licence Information

v  Driver's License Data

v Visual Recordings

v Photograph

v Physical Space Security

v Check-out Time

v Check-in Time

v Security Camera Recording

v Communication

v E-Mail Address

v Telephone number

v Identity

v Name

v Gender

v Date of birth

v Marital Status

v Motor Vehicle Driving License Information

v Surname

v Professional Experience

v Computer Usage Information

v Diploma

v Work Experience

v Course Information

v Profession

v Vocational Training

v Name of the school and department graduated from

v Graduation grade

v Graduation date

v Education

v Previous Position

v Previous Workplace Name

v Working Time at Previous Workplace

v Resume

v Certificate Information

v Foreign Language Knowledge

v Health

v Disability Status (whether disabled)

v Disease Information

v Work Accident History

v Blood Group Information

 

 

Employee Candidate Reference

Data Category

Processed Data

Purposes of Processing Personal Data

v Communication

v E-Mail Address

v Telephone number

v Execution of Employee Candidate / Intern / Student Selection and Placement Processes

v Execution of Application Processes of Employee Candidates

v Planning of Human Resources Processes

v Execution / Supervision of Business Activities

v Receiving and Evaluating Suggestions for Improving Business Processes

v Carrying out Business Continuity Ensuring Activities

v Conducting Talent / Career Development Activities

v Conducting Communication Activities

v Identity

v Name

v Surname

v Personnel File

v Workplace

v Profession

 

 

Shareholder(s)

Data Category

Processed Data

Purposes of Processing Personal Data

v Identity

v Name

v Surname

v Signature

v Identification number

v Identification Serial Number

v Identity Image

vConducting Activities in Accordance with the Legislation

vExecution / Supervision of Business Activities

vExecution of Contract Processes

vProviding information to authorized persons, institutions and organizations

vExecution of Management Activities

vExecution of Investment Processes

vCarrying out Business Continuity Ensuring Activities

v Communication

v E-Mail Address

v Telephone number

v  Residential Address

v Legal Action

v Litigation and enforcement file information

v Other – Partnership Information

v Share Amount

v Capital Information

v Physical Space Security

v Check-out Time

v Check-in Time

v Security Camera Recording

v Finance

v IBAN Number

v Bank Account Number

v Payment Amount

v Bank Name

v Payment Description

v Visual Recordings

v Photograph

 

v Other - Signature Data

v Signature   data of the person

 

v Health

v Disability Status (whether disabled)

v Blood group information

v Surgery History

v Disease Information (Health Report)

 

 

 

 

Service Provider

Data Category

Processed Data

Purposes of Processing Personal Data

v Finance

v Bank Name

v Bank Account Number

v IBAN number

v Conducting Audit / Ethics Activities

v Conducting Activities in Accordance with the Legislation

v Execution of Finance and Accounting Affairs

v Execution of Loyalty Processes to Company / Product / Services

v Follow-up and Execution of Legal Affairs

v Internal Audit / Investigation / Conducting Intelligence Activities

v Conducting Communication Activities

v Conducting Business Activities

v Execution / Supervision of Business Activities

v Execution of Logistics Activities

v Execution of Goods / Services Purchasing Processes

v Execution of Goods / Services After-Sales Support Services

v Execution of Goods / Services Sales Processes

v Execution of goods / services production and operation processes

v Execution of Customer Relationship Management Processes

v Carrying out Activities for Customer Satisfaction

v Carrying out storage and archive activities

v Execution of Contract Processes

v Execution of Supply Chain Management Processes

v Execution of Remuneration Policy

v Execution of Marketing Processes of Products / Services

v Providing information to authorized persons, institutions and organizations

v Execution of Management Activities

v Legal Action

v Litigation and enforcement file information

v Communication

v Street Address Information

v Address

v E-Mail Address

v Telephone number

v Identity

v Name- Surname

v Identification Number

 

 

v Other - Signature Data

v Signature   data of the person

v Physical Space Security

v Check-out Time

v Check-in Time

v Security Camera Recording

 

 

Service Provider Employee

Data Category

Processed Data

Purposes of Processing Personal Data

v Identity

v  Surname

v  Name

v  Signature

v Conducting Audit / Ethics Activities

v Conducting Activities in Accordance with the Legislation

v Execution of Finance and Accounting Affairs

v Execution of Logistics Activities

v Conducting Communication Activities

v Conducting Business Activities

v Execution of Goods / Services Purchasing Processes

v Execution of Goods / Services After-Sales Support Services

v Execution of Contract Processes

v Execution of Supply Chain Management Processes

v Execution of Remuneration Policy

v Execution of Marketing Processes of Products / Services

v Providing information to authorized persons, institutions and organizations

v Execution of Management Activities

v Communication

v  E-Mail Address

v  Telephone number

v Other - Signature Data

v  Signature   data of the person

v Physical Space Security

v  Check-out Time

v  Check-in Time

v  Security Camera Recording

 

 

 

Potential Product or Service Buyer

Data Category

Processed Data

Purposes of Processing Personal Data

v Physical Space Security

v Check-out Time

v Check-in Time

v Security Camera Recording

vExecution of Loyalty Processes to Company / Product / Services

vExecution of Assignment Processes

vConducting Communication Activities

vExecution / Supervision of Business Activities

vCarrying out Business Continuity Ensuring Activities

vExecution of Goods / Services Sales Processes

vExecution of Customer Relationship Management Processes

vConducting Marketing Analysis Studies

vExecution of Contract Processes

vExecution of Management Activities

v Identity

v Name

v Surname

 

 

v Intern

v Data Category

v Processed Data

v Purposes of Processing Personal Data

v Communication

v E-Mail Address

v Telephone number

vFulfillment of Obligations Arising from the Employment Contract and Legislation for Employees

vConducting Activities in Accordance with the Legislation

vEnsuring Physical Space Security

vPlanning of Human Resources Processes

vCarrying out storage and archive activities

vExecution of Contract Processes

vProviding information to authorized persons, institutions and organizations

vExecution of Management Activities

vConducting Talent / Career Development Activities

v Identity

v Name

v Signature

v Identification Number

v Student Number

v Surname

v Physical Space Security

v Check-out Time

v Check-in Time

v Security Camera Recording

v Finance

v Bank Name

v Bank Account Number

v IBAN number

v Payment Amount

 

Supplier

Data Category

Processed Data

Purposes of Processing Personal Data

v Other - Signature Data

v Signature   data of the person

vConducting Audit / Ethics Activities

vConducting Activities in Accordance with the Legislation

vExecution of Finance and Accounting Affairs

vExecution of Loyalty Processes to Company / Product / Services

vFollow-up and Execution of Legal Affairs

vInternal Audit / Investigation / Conducting Intelligence Activities

vConducting Communication Activities

vConducting Business Activities

vExecution / Supervision of Business Activities

vExecution of Logistics Activities

vExecution of Goods / Services Purchasing Processes

vExecution of Goods / Services After-Sales Support Services

vExecution of Goods / Services Sales Processes

vExecution of goods / services production and operation processes

vExecution of Customer Relationship Management Processes

vCarrying out Activities for Customer Satisfaction

vCarrying out storage and archive activities

vExecution of Contract Processes

vExecution of Supply Chain Management Processes

vExecution of Remuneration Policy

vExecution of Marketing Processes of Products / Services

vProviding information to authorized persons, institutions and organizations

vExecution of Management Activities

v Finance

v Bank Name

v Bank Account Number

v Iban Number

v Payment Amount

v Legal Action

v Litigation and Enforcement File Information

v Communication

v Street Address Information

v E-Mail Address

v Telephone number

v Identity

v Name

v Signature

v Registered Tax Office

v Identification Number

v Surname

v Tax Identification Number

v Physical Space Security

v Check-out Time

v Check-in Time

v Security Camera Recording

 

Supplier Employee

Data Category

Processed Data

Purposes of Processing Personal Data

v Other - Signature Data

v Signature   data of the person

vConducting Audit / Ethics Activities

vConducting Activities in Accordance with the Legislation

vExecution of Finance and Accounting Affairs

v Execution of Logistics Activities

vConducting Communication Activities

vConducting Business Activities

vExecution of Goods / Services Purchasing Processes

vExecution of Goods / Services After-Sales Support Services

vExecution of Contract Processes

vExecution of Supply Chain Management Processes

vExecution of Remuneration Policy

vExecution of Marketing Processes of Products / Services

vProviding information to authorized persons, institutions and organizations

vExecution of Management Activities

v Communication

v E-Mail Address

v  Phone Number

v Identity

v Name

v Surname

v Legal Action

v Litigation and Enforcement File Information

 

v Physical Space Security

v Check-out Time

v Check-in Time

v Security Camera Recording

 

v Finance

v Bank Name

v Bank Account Number

v Iban Number

v Payment Amount

 

 

 

Product or Service Recipient

Data Category

Processed Data

Purposes of Processing Personal Data

v Communication

v Street Address Information

v E-Mail Address

v Telephone number

vConducting Activities in Accordance with the Legislation

vExecution of Finance and Accounting Affairs

vExecution of Loyalty Processes to Company / Product / Services

vFollow-up and Execution of Legal Affairs

vInternal Audit / Investigation / Conducting Intelligence Activities

vExecution / Supervision of Business Activities

vExecution of Goods / Services Purchasing Processes

vExecution of Goods / Services Sales Processes

vExecution of goods / services production and operation processes

vExecution of Customer Relationship Management Processes

vCarrying out Activities for Customer Satisfaction

vCarrying out storage and archive activities

vExecution of Contract Processes

vExecution of Remuneration Policy

vExecution of Marketing Processes of Products / Services

vProviding information to authorized persons, institutions and organizations

vExecution of Management Activities

v Identity

v Surname

v Name

v Identification Number

v Tax Identification Number

v Tax Office

v Signature

v Finance

v Bank Name

v Bank Account Number

v IBAN number

v Payment Amount

v Payment Description

v Customer Transaction

v Billing Information

v Payment Amount

v Physical Space Security

v Check-out Time

v Check-in Time

v Security Camera Recording

 

 

 

Visitor

Data Category

Processed Data

v Purposes of Processing Personal Data

v Identity

v Name

v Surname

vConducting Activities in Accordance with the Legislation

vExecution of Loyalty Processes to Company / Product / Services

vFollow-up and Execution of Legal Affairs

vInternal Audit / Investigation / Conducting Intelligence Activities

vExecution / Supervision of Business Activities

vExecution of Goods / Services Purchasing Processes

vExecution of Goods / Services Sales Processes

vExecution of goods / services production and operation processes

vExecution of Customer Relationship Management Processes

vCarrying out Activities for Customer Satisfaction

vCarrying out storage and archive activities

vExecution of Contract Processes

vExecution of Remuneration Policy

vExecution of Marketing Processes of Products / Services

vProviding information to authorized persons, institutions and organizations

vExecution of Management Activities

v Personnel File

v   Institution Information

v Other - Motor Vehicle Data

v Vehicle Information

v Vehicle License Plate

 

v Physical Space Security

v Check-out Time

v Check-in Time

v Security Camera Recording

 

 

The Company processes personal data limited to the purposes and conditions within the personal data processing conditions specified in Article 5, paragraph 2 and Article 6, paragraph 3 of the Law. These purposes and conditions are;

ü  You have given your explicit consent to the processing of your personal data

ü  The processing of your personal data by the Company is directly related to and necessary for the conclusion or performance of a contract

ü  Provided that your personal data has been made public by you; processing of you by the Company in a limited manner for the purpose of publicization

ü  The processing of your personal data by the Company is mandatory for the establishment, exercise or protection of the rights of our Company or you or third parties

ü  Provided that it does not harm your fundamental rights and freedoms, it is mandatory to carry out personal data processing activities for the legitimate interests of our Company,

ü  In terms of the personal data of special nature related to the health and sexual life of the personal data owner, it is the processing of the persons under the obligation of confidentiality or by the authorized institutions and organizations for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing.

 

 

3.3.       Retention Periods of Personal Data

If stipulated in the relevant laws and regulations, the Company keeps the personal data for the period specified in these legislations. If a period of time is not regulated in the legislation regarding how long the personal data should be stored, the Personal Data is processed for the period that requires the processing in accordance with the practices of the Company and the practices of the commercial life depending on the activity carried out by the Company while processing the data, and then deleted, destroyed or anonymized.

The purpose of processing personal data has ended; if the retention periods determined by the relevant legislation and the Company have also come to an end; Personal data can only be stored for the purpose of constituting evidence in possible legal disputes or asserting the relevant right related to personal data or establishing a defense. In the establishment of the periods herein, the retention periods are determined on the basis of the time-out periods for the assertion of the aforementioned right and the examples of the requests previously made to the Company on the same issues despite the expiration of the time-out periods. In this case, the stored personal data is not accessed for any other purpose and access to the relevant personal data is provided only when it is necessary to use it in the relevant legal dispute. After the expiry of the aforementioned period, personal data are deleted, destroyed or anonymized.

DATA CATEGORY

 

DATA RETENTION PERIOD                      

    (maximum)

Criminal convictions and security measures

10 years from the Termination of the Legal Relationship

Other - Military Service

1 year from the Termination of the Legal Relationship

Other - Areas of Interest

1 year from the Termination of the Legal Relationship

Other - Driver's License

10 Years from the Termination of the Legal Relationship

Other - Signature

10 Years from the Termination of the Legal Relationship

Other – Clothing Size Information

1 year from the Termination of the Legal Relationship

Finance

10 Years from the Termination of the Legal Relationship

Physical Space Security

2 Months from the Termination of the Legal Relationship

Visual Recordings

10 Years from the Termination of the Legal Relationship

Legal Action

10 Years from the Termination of the Legal Relationship

Communication

10 years from the Termination of the Legal Relationship

Transaction Security

10 years from the Termination of the Legal Relationship

Identity

15 Years from the Termination of the Legal Relationship

Professional Experience

10 Years from the Termination of the Legal Relationship

Customer Transaction

10 Years from the Termination of the Legal Relationship

Aslam

10 years from the Termination of the Legal Relationship

Health

10 Years from the Termination of the Legal Relationship

 

4.        SECTION – Third Parties to whom Personal Data is transferred by the Company and the purposes of transfer

In accordance with Article 10 of the Law, the Company notifies the personal data owner of the groups of persons to whom the personal data are transferred. In accordance with Article 8 of the Company's Law, the personal data of the data owners managed by the Policy may be transferred to the following categories of persons:

·       To the company officials,

·       To legally authorized public institutions and organizations,

·       With legally authorized private law persons

The scope of the above-mentioned persons to whom the transfer is made and the purposes of data transfer are stated below.

Persons to whom data can be transferred

Definition

Purpose of Data Transfer

Legally Authorized Public Institutions and Organizations

Public institutions and organizations authorized to receive information and documents from the Company in accordance with the provisions of the relevant legislation (Ministry)

Limited to the purpose requested by the relevant public institutions and organizations within the scope of their legal authority

Real Persons or Private Law Legal Entities

Private law persons authorized to receive information and documents from the Company in accordance with the provisions of the relevant legislation (Independent Audit, Product or Service Recipient, OHS, Banks, Accounting Systems, E-Archive Invoice Service Providers)

It can be transferred limited to the purpose requested by the relevant private law legal entities within the scope of their legal authority in accordance with the provisions of the legislation.

To Company Officials

Persons who have management and supervisory authority within the company

Data transfer can be made to the Company authorities in order to ensure business continuity by carrying out the company's management and audit processes.

 

5.        SECTION – Processing of Personal Data Based on and Limited to the Processing Conditions in the Law

The Company enlightens the personal data owner about the personal data it processes in accordance with Article 10 of the Law.

5.1.   Processing of Personal Data and Personal Data of Special Nature

5.1.1.      Processing of Personal Data

The explicit consent of the personal data owner is only one of the legal bases that make it possible to process personal data in accordance with the law. Apart from explicit consent, personal data may also be processed in the presence of one of the other conditions written below. The basis of the personal data processing activity may be only one of the following conditions, or more than one of these conditions may be the basis of the same personal data processing activity. In the event that the processed data is personal data of special nature; The terms set out in heading 5.1.2. below under this section apply.

Although the legal bases for the processing of personal data by our Company vary, all kinds of personal data processing activities are acted in accordance with the general principles specified in Article 4 of the Law.

a.     Finding the Explicit Consent of the Personal Data Owner

One of the conditions for the processing of personal data is the explicit consent of the owner. The explicit consent of the personal data owner should be disclosed on a specific subject, based on information and with free will.

For personal data processing activities other than the purpose of processing (primary processing) for the reasons for obtaining personal data (secondary processing), at least one of the conditions set out in b, c, d, e, f, g and h of this title is sought; If one of these conditions is not present, these personal data processing activities are carried out by the Company based on the explicit consent of the personal data owner for these processing activities.

In order to process the personal data depending on the explicit consent of the personal data owner, the explicit consent of the relevant persons is obtained with the relevant methods.

b.     Explicitly Stipulated in the Laws

The personal data of the data owner may be processed in accordance with the law if it is explicitly stipulated in the law.

c.      Failure to Obtain the Explicit Consent of the Person Concerned Due to Actual Impossibility

The personal data of the data owner may be processed if it is mandatory to process the personal data in order to protect the life or body integrity of the person who is unable to explain his/her consent due to actual impossibility or whose consent cannot be recognized as valid.

d.     Direct Involvement in the Establishment or Performance of the Contract

Provided that it is directly related to the establishment / performance of a contract, it is possible to process personal data if it is necessary to process the personal data of the parties to the contract. Data such as name and surname, which are indispensable elements of the contract, can be shown as examples.

e.      Fulfillment of Legal Obligation

The personal data of the data owner may be processed if the processing is mandatory for the Company to fulfill its legal obligations as the data controller. The data that the Company is obliged to process by law can be shown as an example.

f.       Publicization of Personal Data by the Personal Data Owner

If the personal data of the data owner has been made public by him/herself, the relevant personal data may be processed.

g.      Data Processing is Mandatory for the Establishment or Protection of a Right

If data processing is mandatory for the establishment, use or protection of a right, the personal data of the personal data owner may be processed.

h.     Necessity of Data Processing for the Legitimate Interest of the Data Controller

The data data may be processed if the data processing is mandatory for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the personal data owner. In order to ensure security, recording with security cameras can be shown as an example.

5.1.2.      Processing of Personal Data of Special Nature

If the personal data of special nature are not explicitly consented by the Company, but provided that adequate measures to be determined by the Personal Data Protection Authority are taken, the personal data of special nature other than the health and sexual life of the personal data owner are processed in the cases stipulated in the laws:

 

ü  If the personal data owner has explicit consent, it can be processed. 

ü  If the personal data owner does not have explicit consent:

·       Personal data of special nature other than the health and sexual life of the personal data owner, in the cases stipulated in the laws,

·       The personal data of special nature related to the health and sexual life of the personal data owner are processed only by the persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing.

 

6.        SECTION Building, Facility Entrances and Personal Data Processing Activities Carried Out Within the Building Facility and Website Visitors

The personal data processing activities carried out by the Company at the Company's entrances and within the Company are carried out in accordance with the Constitution, the Law and other relevant legislation. Personal data processing activities are carried out by the Company in order to ensure security.

Due to the fact that the data controller has a legitimate interest, your personal data is processed through security cameras and the data processed for the purpose of ensuring the security of the physical place are not transferred abroad.

7.        SECTION – Deletion, Destruction and Anonymization of Personal Data

Although the Company has been processed in accordance with the provisions of the relevant law as regulated in Article 138 of the Turkish Criminal Code and Article 7 of the Law, personal data shall be deleted, destroyed or anonymized in accordance with the Company's own decision or upon the request of the personal data owner in the event that the reasons requiring the processing disappear.

8.        Issues Regarding the Protection of Personal Data

In accordance with Article 12 of the Law, the Company takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the retention of the data, and to carry out or have the necessary audits carried out in this context.

 

9.        Ensuring the Security of Personal Data

9.1.1.      Technical and Administrative Measures Taken to Ensure the Processing of Personal Data in Accordance with the Law

In order to ensure that personal data is processed in accordance with the law, the Company takes technical and administrative measures according to technological possibilities and implementation costs.

Technical Measures Taken to Ensure the Processing of Personal Data in Accordance with the Law

ü  Network security and application security are ensured.

ü  Security measures are taken within the scope of information technology systems supply, development and maintenance.

ü  The security of personal data stored in the cloud is ensured.

ü  Data processing center (server room) entrances and exits are made with a combination door system.

ü  Up-to-date anti-virus systems are used.

ü  Firewalls are used.

ü  Extra security measures are taken for personal data transferred via paper and the relevant documents are sent in confidential document format.

ü  User-based random data flow control is carried out.

ü  User authorizations are checked monthly.

ü  Personal data is backed up and the security of the backed up personal data is also ensured.

ü  Existing risks and threats have been identified

ü  Intrusion prevention systems are used.

ü  Cyber security measures have been taken and their implementation is constantly monitored.

ü  The security of the personal data stored on the server is ensured.

ü  Encryption is performed.

ü  The data of special quality persons transferred on portable memory, CD, DVD media are encrypted and transferred.

ü  Data loss prevention software is used.

ü  Service providers that process data are periodically audited for data security.

ü  Service providers that process data are made aware of data security.

 

9.1.2.      Retention of Personal Data in Secure Environments

The Company takes the necessary technical and administrative measures according to the technological facilities and the cost of implementation in order to store personal data in secure environments and to prevent them from being destroyed, lost or altered for unlawful purposes

 

Technical Measures Taken to Store Personal Data in Secure Environments

The main technical measures taken by the Company for the storage of personal data in secure environments are listed below:

ü  Systems suitable for technological developments are used to store personal data in secure environments.

ü  Backup programs are used in accordance with the law to ensure that personal data is stored securely.

ü  Access to the data is restricted to the environments where personal data are kept and only authorized persons are allowed to access these data limited to the purpose of storing the personal data, and the accesses to the data storage areas where the personal data are located are logged and inappropriate accesses or access attempts are instantly transmitted to the relevant persons.

 

Administrative Measures Taken to Store Personal Data in Secure Environments

The main administrative measures taken by the Company for the storage of personal data in secure environments are listed below:

ü  Employees are trained to ensure that personal data is stored securely.

ü  Legal and technical consultancy services are taken to follow the developments in the field of information security, privacy of private life and protection of personal data and to take the necessary actions.

ü  In the event that an external service is received by the Company due to technical requirements for the storage of personal data, the contracts concluded with the relevant companies to which the personal data are transferred in accordance with the law; provisions are included that the persons to whom personal data are transferred will take the necessary security measures for the protection of personal data and ensure that these measures are complied with in their own organizations.

 

9.1.3.      Supervision of the Measures Taken for the Protection of Personal Data

In accordance with Article 12 of the Law, the Company conducts or has the necessary audits carried out within its own structure. The results of these audits are reported to the relevant department within the scope of the internal functioning of the Company and necessary activities are carried out to improve the measures taken.

9.1.4.      Precautions to be Taken in Case of Unauthorized Disclosure of Personal Data

The Company carries out the system that ensures that if the personal data processed in accordance with Article 12 of the Law is obtained by others through illegal means, this situation is notified to the relevant Personal Data Owner and the Personal Data Protection Authority as soon as possible. If deemed necessary by the Personal Data Protection Authority, this may be announced on the website of the Personal Data Protection Authority or by any other method.

9.2.           Observance of the Rights of the Data Subject and Evaluation of the Requests of the Data Subjects

The Company carries out the necessary channels, internal functioning, administrative and technical arrangements in accordance with Article 13 of the Law in order to evaluate the rights of the relevant persons and to provide the necessary information to the relevant persons.

In the event that the relevant persons submit their requests regarding the rights listed below to the Company in writing, the Company concludes the request free of charge as soon as possible and not exceeding thirty days according to the nature of the request. However, if a fee is stipulated by the KVK Board, the Company may charge the fee in the tariff determined by the Personal Data Protection Authority. Relevant persons;

·       To learn whether personal data is processed or not,

·       If their personal data has been processed, to request information about it,

·       To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

·       To know the third parties to whom personal data are transferred domestically or abroad,

·       In case the personal data are processed incompletely or incorrectly, to request their correction and to request that the transaction carried out within this scope be notified to the third parties to whom the personal data are transferred,

·       Requesting the deletion or destruction of personal data in the event that the reasons requiring the processing of personal data disappear, even though they have been processed in accordance with the provisions of the Law and other relevant laws, and requesting that the transaction carried out within this scope be notified to the third parties to whom the personal data has been transferred,

·       To object to the occurrence of a result against the person himself by analyzing the processed data exclusively by means of automatic systems,

·       In the event that personal data is damaged due to unlawful processing, they have the right to request the compensation of the damage and the rights of the data owners are given more detailed information within the scope of the following sections of this Policy.

 

10.      SECTION – Rights of Relevant Persons; Exercise and Evaluation of These Rights

The Company informs itself of the rights of the personal data owner in accordance with Article 10 of the Law, guides the personal data owner on how to use these rights, and the Company carries out the necessary channels, internal functioning, administrative and technical arrangements in accordance with Article 13 of the Law in order to evaluate the rights of the relevant persons and to provide the necessary information to the relevant persons

10.1.        Rights of the Data Subject and Exercising These Rights

10.1.1.   Rights of the Personal Data Owner

The persons concerned have the following rights:

·       To learn whether personal data is processed or not,

·       If their personal data has been processed, to request information about it,

·       To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

·       To know the third parties to whom personal data are transferred domestically or abroad,

·       In case the personal data are processed incompletely or incorrectly, to request their correction and to request that the transaction carried out within this scope be notified to the third parties to whom the personal data are transferred,

·       Requesting the deletion or destruction of personal data in the event that the reasons requiring the processing of personal data disappear, even though they have been processed in accordance with the provisions of the Law and other relevant laws, and requesting that the transaction carried out within this scope be notified to the third parties to whom the personal data has been transferred,

·       To object to the occurrence of a result against the person himself by analyzing the processed data exclusively by means of automatic systems,

·       Requesting the compensation of the damage in case the personal data is damaged due to unlawful processing

 

10.1.2.   Circumstances in which the data subject cannot assert his rights

Since the following cases are excluded from the scope of the Law pursuant to Article 28 of the Law, the persons concerned cannot assert their rights listed in 10.1.1. in these matters:

·       Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.

·       The processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime.

·       Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations mandated and authorized by law in order to ensure national defense, national security, public security, public order or economic security.

·       Processing of personal data by judicial or enforcement authorities in connection with investigation, prosecution, trial or execution proceedings.

·       In accordance with Article 28/2 of the Law; Except for the right to claim compensation for damages, the persons concerned shall not assert any of the other rights enumerated in 10.1.1. in the following cases:

·       The processing of personal data is necessary for the prevention of crime or for the investigation of a crime.

·       Processing of personal data made public by the personal data owner himself/herself.

·       The processing of personal data is necessary for the execution of supervisory or regulatory duties and for disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations that are public institutions based on the authority given by the law.

·       The processing of personal data is necessary for the protection of the economic and financial interests of the State in relation to budgetary, tax and financial matters.

 

10.1.3.   Exercising the Rights of the Persons Concerned

The relevant persons may submit their requests regarding their rights listed under the heading 10.1.1. of this section with the information and documents that will identify their identity and by the methods specified below or by other methods determined by the Personal Data Protection Board at https://www.deka.com. tr / by filling out the application form available at kvkk@deka.com.tr. tr / and sending a wet signed copy of it to the address "10038 Sokak No: 1 A.O.S.B / Çiğli /İZMİR" by hand, registered mail with return receipt requested or via notary public or electronically to the e-mail address kvkk@deka.com.tr or to the e-mail address of our Company registered at dekayuzey@hs01.kep.tr kep address.

In order for third parties to request an application on behalf of the relevant persons, there must be a special power of attorney issued by the data owner through a notary public on behalf of the person who will make the application.

 

10.1.4.   Right of Personal Data Owner to Complain to KVK Board

In the event that the personal data owner rejects the application in accordance with Article 14 of the Law, the response given is found to be insufficient or the application is not responded to in time; It may file a complaint with the KVK Board within thirty days from the date of learning the Company's reply and possibly within sixty days from the date of application.

 

10.2.        The Company's Response to Applications

Applications regarding personal data processing activities must be made to the Company. The Company will respond to the applications submitted to it in accordance with the contact requests contained in the form. If the application is made by the relevant person without using the application form, the application made by the relevant person may be answered by the notary public or by mail in accordance with the application.

10.2.1.   Information that the Company may request from the personal data owner who applies

The Company may request information from the relevant person in order to determine whether the applicant is the personal data owner or not. In order to clarify the issues included in the application of the personal data owner, the Company may ask the personal data owner about the application.

10.2.2.   The Company's Right to Reject the Application of the Personal Data Owner

The Company may reject the applicant's application by explaining the reason in the following cases:

·       Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.

·       The processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime.

·       Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations mandated and authorized by law in order to ensure national defense, national security, public security, public order or economic security.

·       Processing of personal data by judicial or enforcement authorities in connection with investigation, prosecution, trial or execution proceedings.

·       The processing of personal data is necessary for the prevention of crime or for the investigation of a crime.

·       Processing of personal data made public by the personal data owner himself/herself.

·       The processing of personal data is necessary for the execution of supervisory or regulatory duties and for disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations that are public institutions based on the authority given by the law.

·       The processing of personal data is necessary for the protection of the economic and financial interests of the state.

·       The request of the personal data owner is likely to prevent the rights and freedoms of other persons

·       Requests have been made that require disproportionate effort.

·       The information requested is public information

 

Title: Deka Yüzey Teknolojileri Makine İmalat Sanayi ve Ticaret Limited Company

Phone Number: +90 (0232) 328 06 99

Postal Address: 10038 Sokak No:1 A.O.S.B/ Çiğli/İZMİR

Email address: kvkk@deka.com.tr

Kep address: dekayuzey@hs01.kep.tr