POLICY

PROCESSING AND
PROTECTION OF PERSONAL DATA UNDER THE LAW 6698

POLICY ON
PROCESSING AND
PROTECTION OF PERSONAL DATA UNDER THE LAW 6698
Version: 2.0

Contents

Chapter 1. Purpose and Enforcement of Policy

  1. Processing of Personal Data by Our Company

  2. Personal Data Security

Section 4. Rights of Data Owners Under the Law

  1. Rights of Data Owners

  2. Exercise of Rights

Chapter 1. Purpose and Enforcement of the Policy The Law on the Protection of Personal Data ( “Law 66) No. 6698 ( “ Law ” ) entered into force on 7 April 2016. The law sets out the procedures and principles for the processing of personal data by real or legal persons, classified as sorum data responsible kişisel of personal data and specifying the purposes and means of processing personal data, responsible for the establishment and management of the data recording system.

In the scope of the Law, personal data shall be provided as her any information relating to an identifiable or identifiable natural person;; processing means işleme the acquisition, storage, storage, storage, modification, reorganization, disclosure, transfer, acquisition, classification of business data, whether fully or partially automated or as part of any data recording system. or any processing of data such as the prevention of its use..

The law, among other regulations, obliges data officers to inform / disclose data holders whose personal data will be processed during the acquisition of personal data. According to Article 10 of the Law, the responsible persons are the owners of the data;

  • The identity of the data officer and the representative, if any,

  • The purpose for which personal data will be processed,

  • To whom and for what purpose the personal data processed can be transferred,

  • Method and legal reason of personal data collection,

  • Other rights listed in Article 11 of the Law,

matters.

This document ( “Policy” ) has been drafted for the purpose of clarifying the real persons in which the Company has processed its personal data as the data officer. The subject of this Policy is the Company’s customers, shareholders, officials and employees of corporate customers, potential customers, shareholders, officials and employees of our business partners and suppliers, candidates working with our Company, former employees and trainees, retired persons, visitors, company authorities, shareholders, business partners and supplier candidates and other third parties matters regarding the processing of personal data about our employees are regulated within the scope of a separate policy text presented to employees in accordance with the Law.

Section 2. Scope of the Law and the Rights and Obligations of the Company arising from the Law

  1. General Principles for the Processing of Personal Data

Pursuant to Article 4 of the Law, personal data shall be processed in accordance with the procedures and principles stipulated in the Law and other relevant legislation. In this context, the data responsible shall be obliged to comply with the following general principles regarding the processing of personal data, except for the fulfillment of the illumination obligation set out in Section 1 above:

  • Compliance with the law and the rules of honesty.

  • Accurate and up to date when necessary.

  • Processing for specific, clear and legitimate purposes.

  • To be connected, limited and restrained for the purpose they are committed.

  • Retention for the period required by the relevant legislation or for the purpose for which it was processed.

  1. Personal Data Processing and Sharing Purposes Under the Law

a. Purposes of Personal Data Processing

As a rule, personal data cannot be processed without the express consent of the data owner. However, the Law sets out a number of situations in which data can be processed without explicit consent in terms of personal data and special personal data under Articles 5 and 6.

Personal data in accordance with Article 5,

  • Clearly stipulating data processing in the law,

  • In order to protect the life or physical integrity of the person who is unable to disclose his / her consent due to the impossibility or whose consent is not granted legal validity, it is obligatory to process the relevant data,

  • The processing of personal data of the parties to the contract is required, provided that it is directly related to the establishment or performance of a contract,

  • Data processing is mandatory for the data officer to fulfill his legal obligation,

  • The personal data are publicized by the person concerned,

  • Data processing is mandatory for the establishment, use or protection of a right,

  • Providing that data is compulsory for the legitimate interests of the data officer, provided that they do not harm the fundamental rights and freedoms of the person concerned,

in the event that the data owner does not have prior express consent (provided the necessary lighting is provided).

On the other hand, the law is biometric with data on race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, disguise and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures. and defined genetic data as “special quality” or “sensitive” personal data and imposed more stringent requirements for their processing. Accordingly, private personal data may only be processed under the following conditions, except where expressly consented to by the data owner:

  • The data related to race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, costume and dress, association, foundation or union membership, criminal convictions and security measures and biometric and genetic data of individuals can be processed in the cases stipulated in the laws.

  • Personal data relating to health and sexual life can only be processed by persons or authorized institutions and organizations under the obligation to preserve public health, preventive medicine, medical diagnosis, treatment and care, planning and management of health care and financing.

b. Personal Data Sharing Objectives

In accordance with data processing, the sharing (transfer) of personal data with a third party is also subject to the express consent of the relevant data holder. However, in accordance with Article 8 of the Law, data transfer can also be carried out under conditions that allow data processing, and personal data or private personal data may be transferred even if the data owner’s consent is not available under the conditions set out in Section 2.II.a above.

The law provides for the transfer of personal data to third parties for special conditions. Accordingly, personal data;

  • If the data owner has explicit consent, or

  • In cases where the data owner does not have explicit consent but one or more of the other conditions mentioned above are met;

o Adequate protection in the country in which the data is transmitted and

o In case of insufficient protection in the country in which the data is transferred, the data officer shall undertake adequate protection in writing with the data officer in the relevant foreign country and the permission of the Personal Data Protection Board is obtained.

can be transferred abroad.

  1. Exceptions to the Law

Pursuant to Article 28 of the Law, the Law shall not apply:

  • Processing of personal data in the context of activities related to him or his family members living in the same dwelling by natural persons, provided that they are not passed on to third parties and that data security obligations are followed.

  • Processing of personal data for purposes such as research, planning and statistics through anonymization with official statistics.

  • The processing of personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national criminal defense, national security, public security, public order, economic security, privacy or personal rights.

  • Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to provide national defense, national security, public security, public order or economic security.

  • The processing of personal data by judicial authorities or enforcement authorities with respect to investigations, prosecutions, proceedings or executions.

Part 3. Processing of Personal Data by Our Company

I. Categorization of Personal Data Processed by Our Company

Personal data are processed by our company under the following categories:

Data Category

Personal Data Categorization Description

Identity Information

Information on documents such as driving license, identity card, residence, passport, legal identity, marriage certificate (eg TCKN, passport number, identity card serial number, name-doyad, photo, place of birth, date of birth, age, registered place of birth, case of birth certificate)

Communication information

Information used to contact the person (eg e-mail address, phone number, mobile number, address)

Location Data

Data for locating the owner of the data (eg location data acquired during driving)

Customer information

Information on customers who benefit from our products and services (eg customer ID, occupational information, etc.)

Customer Transaction Information

Information on any transactions performed by customers who benefit from our products and services (eg requests and instructions, order and basket information, etc.)

Physical Space

Security Information

Personal data related to the records and documents received during the entrance to the physical place, during the stay in the physical place (eg entry-exit logs, visit information, camera recordings, etc.)

Transaction Security Information

Personal data processed in order to ensure the technical, administrative, legal and commercial security of our Company and related parties (eg information such as website password and password indicating that the person associated with the personal data owner and the person authorized to do so)

Risk Management Knowledge

Personal data processed (eg IP address, Mac ID, etc.) to manage our company’s commercial, technical and administrative risks

Financial Information

Personal data within the scope of information, documents and records showing all kinds of financial results created according to the type of legal relationship with the personal data owner (For example: information showing the financial result of the transactions of the data owner, credit amount, card information, loan payments, interest amount and rate to be paid) , debt balance, receivables balance, etc.)

Personal Information

Personal data (all kinds of information and documents that are required by law to be included in the personal file) which are the basis for the personal rights of the employees of the suppliers of the Company

Employee Candidate Information

Personal data (eg resume, interview notes, results of personality tests, etc.) used by the data owners who share their information to apply for a job at our Company.

Employee Transaction Information

Personal data regarding all kinds of work performed by the Company’s supplier employees (eg entry-exit records, business trips, information on meetings attended, security query, mail traffic tracking information, vehicle usage information, company card expenditure information)

Employee Performance and Career Development Knowledge

Personal data (eg performance evaluation reports, interview results, career development trainings) processed to measure the performance of the Company’s supplier employees and to plan and conduct career development within the scope of human resources policies

Benefits and

Knowledge of Interests

Personal data (eg private health insurance, vehicle allocation) to monitor the benefits and benefits offered to the supplier employees of the Company and to make use of the supplier employees.

Marketing Knowledge

The data to be used by our company in marketing activities (eg, the habits of the person collected for marketing purposes, reports and evaluations showing appreciation, targeting information, cookie records, data enrichment activities)

Legal Procedure and

Compliance Information

Personal data processed for the purpose of determination and monitoring of legal receivables and rights and the execution of debts and legal obligations (eg data in documents such as court and administrative authority decision)

Inspection and Inspection

information

Personal data processed within the scope of our company’s legal obligations and compliance with company policies (eg audit and inspection reports, related interview records and similar records)

Special Qualified Personal

Data

Data about the race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, costume and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures

Request / Complaints

Management Information

Personal data regarding the receipt and evaluation of any requests or complaints addressed to our Company (eg requests and complaints to the Company, records and reports related to them)

Audio and Visual Data

Audiovisual records associated with the personal data owner (eg photographs, camera recordings and audio recordings)

II. Purposes of Processing Personal Data by Our Company

Our Company processes personal data within the scope mentioned above for the following purposes:

  • Planning, auditing and execution of information security processes

  • Establishment and management of information technology infrastructure

  • Planning and execution of benefits and benefits for employees

  • Planning and / or executing corporate social responsibility and / or corporate social responsibility and / or non-governmental activities involving employees

  • Planning and execution of employee access rights

  • Monitoring and / or auditing of employees’ business activities

  • Monitoring of finance and / or accounting

  • Follow-up of legal affairs

  • Planning of human resources processes

  • Planning and / or execution of activities / efficiency and / or appropriateness analyzes of business activities

  • Planning and execution of business activities

  • Planning and enforcing business partners and / or suppliers’ access to information

  • Management of relationships with business partners and / or suppliers

  • Planning and / or execution of occupational health and / or safety processes

  • Planning and / or execution of business continuity activities

  • Planning and execution of corporate communication activities

  • Planning and execution of corporate governance activities

  • Planning and execution of logistics activities

  • Planning and execution of customer relationship management processes

  • Planning and / or execution of customer satisfaction activities

  • Tracking customer demands and / or complaints

  • Carrying out personnel recruitment processes

  • Fulfillment of contractual and / or regulatory obligations for employees

  • Planning and execution of company audit activities

  • Planning and execution of external training activities

  • Planning and execution of operational activities necessary to ensure the conduct of company activities in accordance with company procedures and / or relevant legislation

  • Planning and / or execution of in-house training activities

  • Planning and execution of in-house orientation activities

  • Ensuring the safety of company operations

  • Within the scope of our Shopping Loan service and similar services, your TCKN information and other necessary information will be shared with our business partners especially in our Shopping Loan process and your pre-approved credit limits will be questioned by banks and your pre-approved credit limits will be shown to you during your shopping.

  • Ensuring the security of company premises and / or facilities

  • Planning and / or execution of the processes of establishing and / or increasing the commitment to the products and / or services offered by the company

  • Planning and / or execution of the company’s production and / or operational risk processes

  • Realization of company and partnership law transactions

  • Monitoring of contractual processes and / or legal requests

  • Execution of strategic planning activities

  • Planning and execution of supply chain management processes

  • Wage management

  • Planning and execution of production and / or operational processes

  • Planning and execution of market research activities for sales and marketing of products and services

  • Planning and execution of marketing processes of products and / or services

  • Planning and execution of sales processes of products and / or services

  • Ensuring that the data is accurate and up-to-date

  • Giving information to the competent authorities from the legislation

  • Creation and follow-up of visitor records

  1. Transfer of Personal Data by Our Company and Categorization of Data Transferred Parties

Personal data of our Company are collected by ERKUR Makine , Company officials, affiliates, business partners, suppliers, shareholders, legally authorized public institutions and organizations and private institutions.

  1. Processing of Personal Data by Our Company

Within the scope of its obligations arising from the Act as a data officer, our Company enlightens the data owners in accordance with Article 10 of the Law before obtaining personal data from the data owners. If any data processing process carried out by our Company does not meet the requirements detailed in Section 2.II.a and b of the Law, the express consent of the data owners is obtained and the related processes are carried out within the framework of the mentioned explicit consent.

Within the scope of the Law, open consent is defined as r informed consent based on a free will olup, and in this respect, our Company obtains its express consent after informing the data holders in accordance with Article 10 of the Law.

Although there is no time limit for the storage of personal data under the law, it is essential that the personal data are kept for the period required by the relevant legislation or for the purpose for which they are processed. In order to determine retention periods in accordance with the aforementioned principle, our Company conducts an assessment on the basis of the legislation in force and the purpose of each data processing process. To this end, the Company maintains personal data as a minimum as required by its legal obligations and in any event until the relevant statute of limitations expires.

Our Company anonymizes, deletes or destroys personal data in accordance with the Law with the termination of the purpose of processing the related personal data under any process including the expiration of the said periods. Anonymization within the scope of the law is defined as m making personal data unmatched by any identifiable or identifiable real person even by matching with other data olup and the anonymization activities of our Company are carried out in accordance with the current legislation.

  1. Personal Data Security

In order to ensure the security of personal data, our company takes reasonable technical and administrative measures to prevent unauthorized access risks, accidental data loss, intentional deletion or damage of data. Within this scope, the following actions are taken by our Company as a minimum:

  • Software and hardware security measures appropriate to the personal data processed

  • Performing the audits provided for under the Law

  • Ensuring that the Company and its employees comply with the Law in-house training, policies and procedures

  • Ensuring and recording access to information on a requirement-based basis through internal authorizations

  • Monitoring of personal data processing activities on a process basis

  • Obtaining contractual commitments regarding the protection and security of personal data in relations with suppliers

Section 4. Rights of Data Owners Under the Law

I. Rights of Data Owners

According to Article 11 of the Law, the owners of personal data;

  • To find out if personal data about him / her has been processed,

  • To request information if personal data about him / her has been processed,

  • Learning the purpose of processing personal data and whether they are used in accordance with their purpose,

  • Knowing the third parties to whom personal data is transferred at home or abroad,

  • To request correction of personal data in case of incomplete or incorrect processing,

  • Although it has been processed in accordance with the provisions of the Law and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring processing are eliminated,

  • Requesting the notification of the transactions carried out as a result of requests for correction, deletion and destruction to the third parties to whom the personal data are transferred,

  • Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,

  • In case of damages due to unlawful processing of personal data, to request the loss of the damage,

rights.

Article 28, paragraph 2 of the Law regulates that in certain cases, the data owner cannot make any claim to the data officer other than compensation for damages. According to this,

  • Personal data processing is necessary for crime prevention or crime investigation,

  • Processing of personal data publicized by the person concerned,

  • Personal data processing is required for the conduct of supervisory or regulatory duties, and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions, based on the authority granted by law,

  • That personal data processing is necessary to protect the economic and financial interests of the State in relation to budget, tax and financial matters,

The rights specified above shall not be exercised in respect of the relevant data.

II. Exercise of Rights

Data holders may use the Application Form to exercise the rights mentioned above .

If the Personal Data Protection Board provides a method other than the mentioned methods, the applications may be forwarded by this method.

Data owner requests submitted by one of the methods mentioned above are evaluated and answered by the Company within maximum thirty days. Our company reserves the right to request additional information and documents from the applicant in order to assess whether the applicant has relevant data or not.

As a rule, data owner applications are evaluated by our Company free of charge. However, if a fee has been determined by the Personal Data Protection Board for the request of the data owner, our Company will be entitled to request payment at this fee.

İSTANBUL

Headquarters

Most welcome to contact us
+90 (212) 709 37 47

thermoform.erkur.com

info@erkur.com

LOCATIONS

Were We Are



OUR FACTORIES

İstanbul – Bağcılar : +90 212 655 00 72İstanbul – B.Çekmece : +90 212 709 37 47Tekirdağ – Çerkezköy : +90 282 758 22 22


GET IN TOUCH

Follow Our Activity

Keep following up the heat