FIRST PART
1. INTRODUCTION
1.1. Introduction
As Tic. ve San. Anonim Şirketi (“Company”), in accordance with the Law on Protection of Personal Data No. 6698 (“KVKK” or “Law”), we attach utmost importance to the lawful processing and protection of personal data of all natural persons we come into contact with in any way while performing our commercial activities, and we act with this care in all our planning and activities. With this awareness, we present this Personal Data Processing, Protection and Privacy Policy (“Policy”) for your information in order to fulfill the obligation of disclosure within the scope of Article 10 of the Law and to inform you of all the administrative and technical measures we have taken within the scope of processing and protection of personal data.
1.2. Purpose of the Policy
The main purpose of this Policy is to explain the systems for processing and protecting personal data in accordance with the law and the purpose of the Law and, in this context, to inform the persons whose personal data are processed by our Company, especially the Company's internal and external stakeholders, Company officials, company business partners, suppliers, consultants, employees and employee candidates, visitors, customers, potential customers and third parties, official institutions, banks and independent audit institutions. In this way, it is aimed to ensure full compliance with the legislation in the processing and protection of personal data carried out by our Company and to protect all the rights of personal data owners arising from the legislation regarding personal data.
1.3. Scope of the Policy and Personal Data Owners
This Policy concerns the persons whose personal data are processed by our Company, automatically or, provided that it is a part of any data recording system, non-automatically, especially Company internal and external stakeholders, Company officials, Company business partners, suppliers, consultants, employees and employee candidates, visitors, customers, potential customers and third parties, public institutions, banks and independent auditing firms, and it will be implemented within the scope of these specified persons.
Our company informs the Personal Data Owners about the Law by publishing this Policy on its website. This Policy will not be applied if the data is not included in the scope of "Personal Data" within the scope specified below or if the Personal Data processing activity carried out by our Company is not carried out in the above-mentioned ways.
1.4. Definitions
The terms used in this Policy have the following meanings:
| Term | Definition |
| --- | --- |
| Company/Our Company | Refers to JNR MENSUCAT TEKSTİL SANAYİ VE TİCARET A.Ş. |
| Personal Data/Data | Any kind of information relating to an identified or identifiable natural person. |
| Private Personal Data/Data | Data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. |
| Processing of Personal Data | Any kind of operation performed on Personal Data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of the data, by fully or partially automatic means or, provided that it is a part of any data recording system, by non-automatic means. |
| Recording Media | Any environment where personal data is processed wholly or partially automatically or, provided that it is a part of any data recording system, non-automatically. |
| Data Owner/Relevant Person | Refers to real persons whose personal data are processed by the company, such as internal and external stakeholders of the company, company officials, company business partners, suppliers, consultants, employees and employee candidates, visitors, customers, potential customers and third parties, official institutions, banks, independent audit firms. |
| Data Recording System | Refers to the recording system in which personal data is processed and structured according to certain criteria. |
| Data Controller | The legal person who determines the purposes and methods of processing personal data and is responsible for the establishment and management of the data recording system. |
| Data Processor | The natural or legal person who processes personal data on behalf of the data controller based on the authority given by the data controller. |
| Related User | Except for the person or unit responsible for the technical storage, protection and backup of the data, the persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller. |
| Explicit Consent | Consent regarding a particular subject, based on information and expressed with free will. |
| Destruction | The deletion, destruction or anonymization of personal data. |
| Anonymization | Making data previously associated with a person impossible to associate with an identified or identifiable natural person under any circumstances, even by matching with other data. |
| Deletion of Personal Data | Making personal data inaccessible and non-reusable for Relevant Users in any way. |
| Destruction of Personal Data | The process of making personal data inaccessible, irretrievable and non-reusable by anyone in any way. |
| Periodic Destruction | The deletion, destruction or anonymization process that will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy in the event that all of the personal data processing conditions in the Law are eliminated. |
| Law/KVKK | Refers to the Law on Protection of Personal Data No. 6698. |
| Regulation | The Regulation on the Deletion, Destruction or Anonymization of Personal Data, published in the Official Gazette on October 28, 2017. |
| KVKK Board | The Personal Data Protection Board. |
1.5. Enforcement of the Policy
This Policy, which was issued by the Company and entered into force on 08.04.2018, is published on the Company's website (https://sharabati-denim.com) and is made available to the relevant persons upon the request of the Related Person.
SECOND PART
2. PROCESSING AND TRANSFER OF PERSONAL DATA
2.1. General Principles in the Processing of Personal Data
Personal Data is processed by the Company in accordance with the procedures and principles stipulated in the KVKK and other relevant laws and this Policy. In this context, the Company acts with the following principles while processing Personal Data:
• Personal Data is processed in accordance with the relevant legal rules and the requirements of the honesty rule. In accordance with this principle, the Company's data processing processes are carried out within the limits required by all relevant legislation and honesty rules, especially the Constitution and KVKK.
• Personal Data is ensured to be accurate and up-to-date, provided that they are informed. In this context, issues such as determining the sources from which the data is obtained, confirming its accuracy, and evaluating whether it needs to be updated are carefully considered. In accordance with this principle, necessary measures are taken to ensure that the personal data processed by the Company is accurate and in compliance with the current situation, and necessary opportunities are provided to the relevant persons by informing them in order to ensure that the data being processed reflect the real situation.
• Personal Data is processed for specific, explicit and legitimate purposes. Being legitimate means that the Personal Data processed by the Company is related to and necessary for the work it does or the service it provides. In this framework, the Company processes personal data only for clearly and precisely determined legitimate purposes and does not process data other than these purposes. In this context, the Company processes personal data only in connection with the business relationship established with the relevant persons and if necessary for them.
• Personal Data is related to the purpose in order to achieve the purposes determined by the Company, and the processing of Personal Data that is not related to the realization of the purpose or is not needed is avoided. The Company limits the processed data only to what is necessary for the realization of the purpose. Personal Data processed in this context are related, limited and proportionate to the purpose for which they are processed.
• If there is a period foreseen for data storage in the relevant legislation, the Company complies with these periods; otherwise, it retains the Personal Data only for the period necessary for the purpose for which they are processed. In the event that there is no valid reason for further preservation of Personal Data, the said data is deleted, destroyed or anonymized.
2.2. Terms of Processing Personal Data
Except for the exceptions listed in the Law, the Company does not process Personal Data without the explicit consent of the person concerned. However, in the presence of one of the following conditions, Personal Data may be processed, even without the explicit consent of the person concerned.
• The Company may process Personal Data of Relevant Persons in cases expressly stipulated by law, even if there is no explicit consent. For example, in accordance with Article 230 of the Tax Procedure Law, the explicit consent of the person concerned will not be sought to include the name of the person on the invoice.
• Personal Data may be processed without explicit consent in order to protect the life or physical integrity of the person, or of another person, who is unable to express consent or whose consent cannot be validated due to actual impossibility. For example, in a situation where the person's consent is not valid due to unconsciousness or mental illness, the Personal Data of the Relevant Person may be processed during medical intervention in order to protect life or bodily integrity. In this context, data such as blood type, diseases and surgeries, and medications used can be processed through the relevant health system.
• Personal Data belonging to the parties to the contract can be processed, provided that it is directly related to the establishment or performance of a contract by the Company. For example, according to a contract made, the account number of the creditor can be obtained for the payment of money.
• The Company may process the Personal Data of Relevant Persons if it is necessary to fulfill its legal obligations as a data controller.
• Personal Data made public by the Relevant Persons, in other words disclosed to the public in any way, may be processed by the Company because the legal benefit that needs to be protected is no longer valid.
• The Company may process the Personal Data of Relevant Persons without seeking explicit consent, in cases where data processing is necessary for the exercise or protection of a legally legitimate right.
• The Company may process the Personal Data of Relevant Persons in cases where it is necessary to process the data for legitimate interests, provided that the fundamental rights and freedoms of the Relevant Persons are protected under the law and policy. The Company shows the necessary sensitivity to comply with the basic principles regarding the protection of Personal Data and to observe the balance of interests of the Relevant Persons.
2.3. Conditions of Processing of Special Quality Personal Data
The Company does not process Sensitive Personal Data without the explicit consent of the person concerned. However, Personal Data other than health and sexual life may be processed without seeking the explicit consent of the person concerned, in cases stipulated by the laws. Personal Data related to health and sexual life are only processed by the Company for the purposes of protecting public health, performing preventive medicine, medical diagnosis and treatment and care services, planning and managing health services and financing, without seeking the explicit consent of the person concerned, where we are under a confidentiality obligation. The Company carries out the necessary actions to take adequate measures determined by the Board in the processing of Private Personal Data.
2.4. Terms of Transfer of Personal Data
Our company may transfer Personal Data of Relevant Persons and Private Personal Data to third parties in accordance with the Law by creating the necessary confidentiality conditions and taking security measures in line with the purposes of processing Personal Data. Our company acts in accordance with the regulations stipulated in the Law during the transfer of Personal Data. In this context, in line with its legitimate and lawful Personal Data processing purposes, our Company may transfer Personal Data to third parties based on and limited to one or more of the Personal Data processing conditions specified in Article 5 of the Law and listed below:
• If the Relevant Person has given express consent;
• If there is a clear regulation in the law regarding the transfer of Personal Data,
• If it is necessary for the protection of the life or physical integrity of the Relevant Person or someone else, and the Relevant Person is unable to express his/her consent due to actual impossibility or his/her consent is not legally valid,
• If it is necessary to transfer the Personal Data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
• If Personal Data transfer is mandatory for our company to fulfill its legal obligation,
• If the Personal Data has been made public by the Relevant Person,
• If Personal Data transfer is necessary for the establishment, exercise or protection of a right,
• If Personal Data transfer is necessary for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the Relevant Person.
2.4.1. Conditions for Transferring Personal Data Abroad
Our company may transfer the Personal Data and Special Qualified Personal Data of the Related Persons to third parties abroad by taking the necessary security measures in line with the purposes of Personal Data processing. Personal Data can be transferred by our Company to foreign countries that are declared to have sufficient protection by the KVK Board or, in the absence of sufficient protection, to foreign countries where the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and where the permission of the KVK Board is available.
2.5. Terms of Transfer of Special Quality Personal Data
The company, by showing due diligence, taking the necessary security measures and taking the adequate measures prescribed by the KVK Board, can transfer the Personal Data of the Related Person to third parties, in accordance with the legitimate and lawful Personal Data processing purposes, in the following cases:
(i) In case the Relevant Person has given express consent, or
(ii) In the presence of the following conditions, without seeking the explicit consent of the Related Person:
• Sensitive Personal Data (race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, criminal conviction and data related to security measures and biometric and genetic data), in cases stipulated by law,
• For the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, data can be transferred by persons who are under the obligation to keep confidential or by authorized institutions and organizations.
2.5.1. Transfer of Private Personal Data Abroad
The company, by showing due diligence, taking the necessary security measures and taking the adequate measures prescribed by the KVK Board, can transfer the Special Qualified Personal Data of the Relevant Person, for legitimate and lawful Personal Data processing purposes, to foreign countries where the data controller has adequate protection or undertakes adequate protection, in the following cases:
(i) In case the Relevant Person has given express consent, or
(ii) In the presence of the following conditions, without seeking the explicit consent of the Related Person:
• Sensitive Personal Data (race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, criminal conviction and data related to security measures and biometric and genetic data), in cases stipulated by law,
• For the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, data can be transferred by persons who are under the obligation to keep confidential or by authorized institutions and organizations.
THIRD PART
3. PURPOSE OF PROCESSING AND TRANSFERRING PERSONAL DATA, PERSONS TO BE TRANSFERRED
3.1. Purposes of Processing and Transferring Personal Data
Personal Data is processed, in accordance with the law and the purpose of the Law, for purposes such as the following:
• Ensuring the general and commercial security of our businesses,
• Execution of recruitment processes and provision of security processes,
• Best planning and implementation of human resources policies,
• Correct planning, execution and management of commercial partnerships and strategies,
• Ensuring the legal, commercial and physical security of the Company and its business partners,
• Ensuring corporate functioning, planning and execution of management and communication activities,
• Enabling the Relevant Persons to make the best use of the products and services, and recommending these by customizing them according to their demands, needs and wishes,
• Creating databases for customers, commercial partners, suppliers, employees, employee candidates,
• Communicating with the Relevant Persons who convey their requests and complaints to the Company and ensuring the management of requests and complaints,
• Management of relations with business partners or suppliers,
• Execution of personnel procurement processes,
• Execution/follow-up of financial reporting and risk management transactions,
• Execution/follow-up of company legal affairs,
• Carrying out studies to protect the company's reputation,
• Managing investor relations,
• Giving information to authorized institutions based on legislation,
• For security purposes and due to legal obligations, execution of image recording processes, identity and permission processes at entrances to the facility, coordination of OHS trainings and keeping work accident records, coordination of visitor procedure and emergency operations, execution of health processes, guest internet usage records, obtaining contact forms, and creating and tracking visitor records.
Personal Data is processed, limited to the purposes listed above, within the scope of the personal data processing conditions specified in Articles 5 and 6 of the Law. If the processing activity carried out for the aforementioned purposes does not meet any of the conditions stipulated in the Law, your express consent is obtained by the Company regarding the relevant processing process.
3.2. Persons to whom Personal Data will be Transferred
Personal Data can be shared with our business and solution partners, banks, and third parties that carry out technical, logistics and other similar transactions on our behalf, in order to ensure that the services offered to you are complete and flawless, and only to the extent appropriate to the nature of the service. These third parties consist of persons who are obliged to have access to the relevant information in order to provide the relevant services completely and flawlessly.
Apart from these, in cases where data has to be shared with other third parties in order to provide the service fully and flawlessly, if it is necessary for the Company to fulfill its legal obligations, if it is expressly stipulated in the laws or if there is a judicial/administrative order given in accordance with the law, your Personal Data may also be transferred, only to the person or institution concerned.
Some of the Personal Data may only be shared with the advertisers together with the information of other users and/or in aggregate, in order to ensure that the advertisements can be adapted to the target audience.
In the case of sharing anonymized data, the data is information that cannot be matched with our visitors/customers, does not contain your identity information and does not make your identity identifiable. Your privacy is guaranteed in anonymized data.
FOURTH PART
4. METHOD OF COLLECTION AND LEGAL REASON OF PERSONAL DATA, DELETION, DESTRUCTION AND ANONYMIZATION, AND STORAGE PERIOD
4.1. Method and Legal Reason for Personal Data Collection
For the purpose of checking compliance with Article 1, which regulates the purpose of the Law, and Article 2, which regulates the scope of the Law, Personal Data is collected by all kinds of verbal, written, telephone, fax, e-mail and other electronic media, through technical and other methods, in various ways such as the Company website and mobile application, in order to fulfill the responsibilities arising from the law completely and accurately within the framework of legal reasons based on legislation, contract, demand and request in order to achieve the purposes stated in the Policy, and is processed by the Company or by data processors appointed by the Company.
4.2. Deletion, Destruction or Anonymization of Personal Data
Without prejudice to the provisions of other laws regarding the deletion, destruction or anonymization of Personal Data, in the event that the reasons for its processing are eliminated, even though the Personal Data has been processed in accordance with the provisions of this Law and other laws, the Company deletes, destroys or anonymizes the Personal Data ex officio or upon the request of the Relevant Persons. Deletion of Personal Data is the process of making personal data inaccessible and unusable for the relevant users in any way. Destruction of Personal Data, on the other hand, means the destruction of materials suitable for data storage such as documents, files, CDs, floppy disks, hard disks, in which the data is recorded, so that the information cannot be retrieved or used again. By anonymizing the data, it is meant that the Personal Data cannot be associated with an identified or identifiable natural person, even if it is matched with other data.
4.3. Retention Period of Personal Data
The Company stores Personal Data for the period specified in the legislation, if such a period is stipulated in the legislation. If the legislation does not regulate how long personal data should be kept, Personal Data is processed for the period required by the Company's practices and commercial life practices, depending on the activity carried out while processing that data, and is then deleted, destroyed or anonymized.
If the purpose of processing personal data has ended and the retention periods determined by the relevant legislation and by the Company have also come to an end, personal data can only be stored to provide evidence in possible legal disputes or to assert the right related to personal data or to establish a defense. In establishing the periods herein, the storage periods are determined based on the statute of limitations for asserting the aforementioned right and on the examples of previous requests made to the Company on the same issues despite the expiry of the statute of limitations. In this case, the stored personal data is not accessed for any other purpose and access is provided only when it is required to be used in the relevant legal dispute. Here, too, personal data is deleted, destroyed or anonymized after the aforementioned period expires.
Detailed regulations on Company techniques regarding the storage, deletion, destruction and anonymization of Personal Data are included in the Company's Personal Data Retention and Disposal Policy.
FIFTH PART
5. ISSUES REGARDING THE PROTECTION OF PERSONAL DATA
In accordance with Article 12 of the Law, the Company takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of the Personal Data it processes, to prevent illegal access to the data and to ensure the preservation of the data, and in this context, it carries out the necessary audits or has them carried out.
5.1. Ensuring the Security of Personal Data
5.1.1. Technical and Administrative Measures Taken to Ensure Legal Processing of Personal Data
The Company takes technical and administrative measures according to technological possibilities and implementation costs in order to ensure that Personal Data is processed in accordance with the law.
(i) Technical Measures Taken to Ensure Legal Processing of Personal Data
The main technical measures taken by the Company to ensure the legal processing of Personal Data are listed below:
• With the authorization system, access to personal data by unauthorized persons or institutions is prevented.
• Personal Data processing activities carried out within the company are audited by established technical systems.
• The technical measures taken are periodically reported to the relevant person as required by the internal audit mechanism.
• Personnel knowledgeable in technical matters are employed.
(ii) Administrative Measures Taken to Ensure the Lawful Processing of Personal Data
The main administrative measures taken by the Company to ensure the legal processing of Personal Data are listed below:
• Employees are informed and trained about the law on the protection of Personal Data and the legal processing of Personal Data.
• The Company carries out the necessary inspections in its own institution or organization, or has them carried out, in order to ensure the implementation of the provisions of the Law.
• All activities carried out by the Company are analyzed in detail specific to all business units, and as a result of this analysis, Personal Data processing activities are revealed, specific to the activities carried out by the relevant business units.
• The requirements to be fulfilled in order to ensure that the Personal Data processing activities carried out by the Company's business units comply with the Personal Data processing conditions sought by the Law are determined specific to each business unit and the detailed activity it carries out.
• In order to meet the legal compliance requirements determined on the basis of the business unit, awareness is created for the relevant business units and the rules of practice are determined; necessary administrative measures are implemented through in-house policies and trainings to ensure the supervision of these issues and the continuity of implementation.
• The company employs knowledgeable and experienced personnel about the processing of personal data and provides necessary KVK training to its personnel.
• In the contracts and documents governing the legal relationship between the Company and the employees, clauses are placed that impose the obligation not to process, disclose or use Personal Data, except for the Company's instructions and the exceptions made by law; awareness of the employees is created in this regard, and the obligations arising from the Law are fulfilled by conducting audits.
• In case the processed personal data is obtained by others illegally, the Company informs the relevant person and the Board as soon as possible.
• Regarding the sharing of personal data, the Company signs a framework agreement with the persons with whom the personal data is shared, or ensures data security by adding provisions to the agreements.
5.1.2. Technical and Administrative Measures Taken to Prevent Unlawful Access to Personal Data
The Company takes technical and administrative measures according to the nature of the data to be protected, technological possibilities and the cost of implementation in order to prevent the reckless or unauthorized disclosure, access, transfer or any other unlawful access to Personal Data.
(i) Technical Measures Taken to Prevent Unlawful Access to Personal Data
The main technical measures taken by the Company to prevent unlawful access to Personal Data are listed below:
• Technical measures are taken in line with the developments in technology, the measures taken are periodically updated and renewed.
• Access and authorization technical solutions are put into use in accordance with the legal compliance requirements determined on the basis of the business unit.
• Access authorizations are limited and authorizations are reviewed regularly.
• The technical measures taken are periodically reported to the relevant person in accordance with the internal audit mechanism, the issues posing a risk are re-evaluated and the necessary technological solution is produced.
• Software and hardware including virus protection systems and firewalls are installed.
• Personnel knowledgeable in technical matters are employed.
• Security scans are regularly performed to detect security vulnerabilities in applications where Personal Data is collected. The vulnerabilities found are closed.
• Necessary internal controls are carried out within the scope of established systems.
• Risk analysis, data classification, risk assessment and business impact analysis processes are carried out within the scope of established systems.
• It is ensured that the technical infrastructure to prevent and/or monitor the leakage of personal data outside the institution is provided and the relevant matrices are created.
• It is ensured that the access authorizations of the employees in the information technology units are kept under control.
(ii) Administrative Measures to Prevent Unlawful Access to Personal Data
The main administrative measures taken by the Company to prevent unlawful access to Personal Data are listed below:
• Employees are trained on technical measures to be taken to prevent unlawful access to Personal Data.
• Access to Personal Data and authorization processes are designed and implemented within the Company in accordance with the legal compliance requirements for Personal Data processing on a business unit basis.
• Employees are informed that they cannot disclose the Personal Data they have learned to others in violation of the provisions of the Law, and that they cannot use it for purposes other than processing, and that this obligation will continue after they leave their job, and necessary commitments are taken from them in this direction.
• Provisions are added to the contracts concluded by the Company with the persons to whom Personal Data is transferred in accordance with the law, stating that the persons to whom Personal Data are transferred will take the necessary security measures for the protection of Personal Data and ensure that these measures are complied with in their own organizations.
5.1.3. Storing Personal Data in Secure Environments
The Company takes the necessary technical and administrative measures according to the technological possibilities and implementation cost in order to keep the Personal Data in secure environments and to prevent its destruction, loss or alteration for unlawful purposes.
The measures envisaged in Article 12 (1) of the KVKK are:
- To prevent the unlawful processing of personal data,
- To prevent unlawful access and modification of personal data,
- To ensure the protection of personal data.
The measures taken by the Company in this context are listed below:
(i) Technical Measures Taken for Storing Personal Data in Secure Environments
The main technical measures taken by the Company to store Personal Data in secure environments are listed below:
• Systems in line with technological developments are used to store Personal Data in secure environments.
• Personnel specialized in technical matters are employed.
• Technical security systems for storage areas are established, security tests and research are carried out to detect security vulnerabilities in information systems, and the existing or potential risks identified as a result of these tests and research are eliminated. The technical measures taken are periodically reported to the relevant person as required by the internal audit mechanism.
• Backup programs are used in accordance with the law to ensure that Personal Data is stored securely.
• Access to the environments where Personal Data is kept is restricted, and only authorized persons are allowed to access this data, limited to the purpose of storing personal data. Access to the data storage areas where Personal Data is stored is logged, and inappropriate access or access attempts are instantly communicated to the relevant persons.
(ii) Administrative Measures to Keep Personal Data in Secure Environments
The main administrative measures taken by the Company to store Personal Data in secure environments are listed below:
• Employees are trained to ensure that Personal Data is kept securely.
• Legal and technical consultancy support is received in order to follow the developments in the field of information security, privacy and protection of personal data and to take necessary actions.
• In the event that the Company receives an external service due to technical requirements regarding the storage of Personal Data, provisions are included in the contracts concluded with the relevant companies to which the Personal Data is transferred in accordance with the law, stating that the persons to whom Personal Data is transferred will take the necessary security measures for the protection of Personal Data and that these measures will be complied with in their own organizations.
5.1.4. Supervision of the Measures Taken for the Protection of Personal Data
In accordance with Article 12 of the Law, the Company carries out, or has carried out, the necessary audits within its own organization. The results of these audits are reported to the relevant department within the scope of the internal operation of the Company, and the necessary activities are carried out to improve the measures taken.
5.1.5. Measures to be Taken in Case of Unauthorized Disclosure of Personal Data
The Company operates a system which ensures that, if Personal Data processed in accordance with Article 12 of the Law is obtained by others illegally, this situation is reported to the Related Person and the KVK Board as soon as possible. If deemed necessary by the KVK Board, this situation may be announced on the website of the KVK Board or by any other method.
5.2. Observing the Legal Rights of Relevant Persons
The Company observes all legal rights of Relevant Persons through the implementation of the Policy and Law and takes all necessary measures to protect these rights. Detailed information on the rights of Relevant Persons is given in the sixth section of this Policy.
5.3. Protection of Private Personal Data
The Law attaches special importance to certain Personal Data due to the risk of causing victimization and/or discrimination when processed unlawfully. These are data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data. The Company pays maximum attention to the protection of Personal Data that is designated as "special quality" by the Law and processed in accordance with the law. In this context, the technical and administrative measures taken by the Company for the protection of personal data are also implemented with the utmost care for Special Quality Personal Data, and the necessary audits are carried out within the Company in this regard.
CHAPTER SIX
6. RIGHTS OF PERSONAL DATA OWNER, USE AND ASSESSMENT OF RIGHTS
6.1. Informing the Relevant Person
The Company informs the Relevant Persons during the acquisition of Personal Data in accordance with Article 10 of the Law. In this context, it discloses the identity of the Company representative, if any, the purpose for which the Personal Data will be processed, to whom and for what purpose the processed Personal Data can be transferred, the method of collecting Personal Data and the legal reason, and the rights of the Relevant Person.
6.2. Rights of the Related Person in accordance with the KVK Law
In accordance with Article 10 of the Law, the Company informs you of your rights, provides guidance on how to exercise these rights, and carries out the necessary internal procedures and administrative and technical arrangements for all of these. In accordance with Article 11 of the Law, the Company explains to the persons whose Personal Data is received that they have the right to:
• Learn whether Personal Data is processed or not,
• Request information about the Personal Data if it has been processed,
• Learn the purpose of processing Personal Data and whether it is used in accordance with its purpose,
• Know the third parties to whom Personal Data is transferred in the country or abroad,
• Request correction of Personal Data if it is incomplete or incorrectly processed,
• Request the deletion or destruction of Personal Data within the framework of the conditions stipulated in Article 7 of the Law,
• Request notification of the transactions made pursuant to subparagraphs (d) and (e) of Article 11 of the Law to third parties to whom personal data has been transferred,
• Object to the emergence of a result against the person himself through the analysis of the processed data exclusively by automated systems,
• Demand compensation for the damage in case of loss due to unlawful processing of Personal Data.
6.3. Circumstances in which the Relevant Person Cannot Claim His Rights
Since the following situations are excluded from the scope of the Law pursuant to Article 28 of the Law, Relevant Persons cannot claim their rights listed in article (6.2.) of this Policy in the following cases:
• Processing of Personal Data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with.
• Processing of Personal Data for purposes such as research, planning and statistics by anonymizing them with official statistics.
• Processing of Personal Data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.
• Processing of Personal Data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security.
• Processing of Personal Data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution proceedings.
Pursuant to article 28/2 of the Law; In the cases listed below, Relevant Persons cannot claim their rights listed in article (6.2.) of this Policy, except for the right to demand the compensation of the damage:
• The processing of Personal Data is necessary for crime prevention or criminal investigation.
• Processing of personal data made public by the Relevant Person.
• The processing of Personal Data is required by the authorized public institutions and organizations, and by professional organizations in the nature of public institutions, for the execution of supervisory or regulatory duties and for disciplinary investigation or prosecution based on the authority given by the law.
• The processing of Personal Data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.
6.4. Relevant Person's Use of His Rights
In accordance with paragraph 1 of Article 13 of the KVK Law, Relevant Persons can submit their requests regarding their rights listed in article (6.2.) of this Policy to the Company in writing or by other methods determined by the Personal Data Protection Board. In this context, the channels and procedures for submitting written applications to the Company within the scope of Article 11 of the KVK Law are explained below. The Relevant Person can fill in and sign the Application Form, which can be accessed via the link https://sharabati-denim.com
Relevant Persons may submit the request, containing the information and documents necessary to determine their identity (copy of identity card, etc.) and an explanation of the right under Article 11 of the KVK Law that they wish to exercise:
• By printing the Related Person Application Form at https://sharabati-denim.com and filling out the form;
• By sending a signed copy of the form, together with documents establishing your identity, to the address of Kadirli OSB Mevkii 2(2.Etap) Cad. No: 14 Z01, 80750 Yusufizzettin Köyü / Merkez Bucağı Kadirli / Osmaniye, Türkiye or Alroubaia Fourtex Textiles Co. S.A.E. 3rd Industrial Zone Extension El-Sadat City, Egypt, P.O. Box 148, personally, via registered mail, through a notary public or by other methods specified in the KVK Law. ("Information Request Under the Law on the Protection of Personal Data" will be written on the envelope.)
• By signing the relevant form with the "secure electronic signature" defined in the Electronic Signature Law No. 5070 and sending it to the KEP address of jnrmensucat@hs01.kep.tr ("Personal Data Protection Law Information Request" will be written in the subject line of the e-mail.)
The Company reserves the right to reject the application if the information and documents you have submitted are incorrect or an unauthorized application is made.
In order for third parties to apply on behalf of the Relevant Persons, a special power of attorney issued by the Relevant Person through a notary public on behalf of the person making the application must be present.
CHAPTER EIGHT
8. MANAGEMENT STRUCTURE OF THE COMPANY ACCORDING TO THE PROCESSING AND PROTECTION OF PERSONAL DATA POLICY
A Personal Data Committee has been established within the Company in accordance with the decision of the Company's senior management to manage this Policy and the other policies related to this Policy. The Personal Data Committee is authorized and responsible for taking the necessary actions for the storage and processing of the data of the Relevant Persons in accordance with the law, this Policy and the other related policies.
6.5. The Company's Response Procedure and Time to Applications
The Company concludes the requests included in the application free of charge as soon as possible, and within thirty days at the latest, depending on the nature of the request. However, if the transaction in question requires an additional cost, the fee in the tariff determined by the KVK Board may be charged. The Company may accept the request or reject it by explaining the reason, and gives its answer in writing or electronically. If the request in the application is accepted, the Company fulfills the requirements of the request.
6.6. Relevant Person's Right to Complain to the KVK Board
In cases where the application is rejected, the answer given is insufficient or the application is not answered in due time, the Relevant Person has the right to file a complaint with the KVK Board within thirty days from the date of learning the answer and in any case within sixty days from the date of application.
CHAPTER SEVEN
7. PROCESSING IMAGE RECORDINGS
In order to ensure the general and commercial safety of the Company's facilities and businesses, the Company makes video recordings of visitors, employees and other relevant persons in accordance with the basic principles stipulated in the KVKK and included in this Policy, and these recordings are securely stored, physically or electronically, for the period required by the purposes of processing.
In places where video recordings are taken, there is a visible warning that video recording is taking place in order to inform Relevant Persons. Within the scope of these activities, our Company complies with the obligations stipulated in all relevant legislation, especially the KVKK, regarding the protection of personal data. In places where the level of privacy is high, monitoring is not carried out.
CHAPTER NINE
9. OTHER MATTERS
9.1. Update and Compliance
In case of inconsistency between KVKK and other relevant legislation provisions and this Policy, KVKK and other relevant legislation provisions will be applied first.
The Company reserves the right to make changes to this Policy and the other related policies due to changes made in the Law, in accordance with the decisions of the KVK Board, or in line with developments in the sector or in the field of informatics.
Changes made to this Policy are immediately incorporated into the text, and explanations of the changes are given at the end of the Policy.
9.2. Changes
On 30.10.2020, the Policy on the Processing and Protection of Personal Data was republished with a general arrangement.
9.3. Entry into Force
This Policy prepared by the company entered into force on 08.04.2018.
9.4. Distribution
The policy is published on the Company website and announced to third parties and Company employees.
To cancel your membership in connection with the registration of your personal data, you can contact us by e-mail at support@sharabati-denim.com