BOSS4 GAYRIMENKUL İNŞAAT SANAYİ VE DIŞ TİCARET A.Ş. PROCESS, PROTECTION OF PERSONAL DATA AND    PRIVACY POLICY 

 

CONTENTS

  1. PURPOSE
  2. SCOPE
  3. DEFINITIONS AND ABBREVIATIONS
  4. ROLES AND RESPONSIBILITIES
  5. LEGAL OBLIGATIONS

5.1. Our obligation to clarify

5.2. Our obligation to ensure data security

  1. CLASSIFICATION OF PERSONAL DATA

6.1. Personal data

6.2. Special personal data

  1. PROCESSING PERSONAL DATA

7.1. Our principles for processing personal data

7.2. Open consent to be received within the scope of processing the data of the relevant Person / p>

7.3. Our purposes for processing personal data

7.4. Processing of special quality personal data

7.5. Processing of personal data collected through cookies on our website

7.6. Processing of personal data for human resources and employment purposes

7.7. Exceptions where explicit consent is not sought in the processing of personal data

 

  1. PERSONAL DATA TRANSFER

8.1. Transfer of personal data domestically

8.2. Transfer of personal data abroad

8.3. Institutions and organizations to which personal data are transferred

8.4. Measures we take regarding the transfer of personal data in accordance with law

  1. RETENTION OF PERSONAL DATA

9.1. Keeping personal data for the period required by the relevant legislation or for the purpose for which they are processed

9.2. Measures we take regarding the storage of personal data

  1. SECURITY OF PERSONAL DATA

10.1. Our obligations regarding the security of personal data

  1. RIGHTS OF THE PERSONAL DATA OWNER

11.1. Exercise of rights regarding personal data

11.2. Evaluation of the application

11.3. Procedure for the evaluation of the application

11.4. Right to complain to the Personal Data Protection Board

  1. PRIVACY POLICY
  2. COMPANY ENTRY-EXIT AND PROCESSING PERSONAL DATA IN THE COMPANY

14-     DELETE AND ANONYMIZE THE PERSONAL DATA

15-     PUBLISHING AND STORING THE DOCUMENT

  1. UPDATE PERIOD
  1. ENFORCEMENT

 

 1-PURPOSE

As BOSS4 GAYRIMENKUL İNŞAAT SANAYİ VE DIŞ TİCARET A.Ş.; It is our priority to process the Personal Data Protection Law (“PDPL”) No. 6698 in accordance with the relevant legislation and ensure the effective use of the rights of the data subjects within the scope of international agreements in which the personal data of real persons, including our customers, suppliers and employees, are the party of our country regarding the Constitution of the Republic of Turkey and human rights.

Therefore, but not limited to; Procedures for processing, storing, and transferring data related to all personal data obtained by our employees, suppliers, customers, users visiting our website, in brief, which are obtained automatically during our activities or that are not automated provided that they are part of any data recording system, are carried out according to the OSS4 GAYRIMENKUL İNŞAAT SANAYİ VE DIŞ TİCARET A.Ş . Personal Data Protection and Processing Policy ("Policy").

Protection of personal data and observing the fundamental rights and freedoms of real people whose personal data are collected is the basic principle of our policy regarding the processing of personal data. For this reason, we continue all our activities in which personal data are processed by protecting the privacy of private life, confidentiality of communication, freedom of thought and belief, and the right to use effective remedies.

In order to protect personal data, we take all administrative and technical protection measures required by the quality of the relevant data in accordance with the legislation and current technology.

This Policy describes the methods we follow to process, store, transfer and delete or anonymize personal data shared during our commercial or social responsibility and similar activities within the framework of the principles mentioned

 

2-SCOPE

Including our customers, business contacts, business partners, employees, suppliers, subcontractors, potential customers and other third parties; all personal data processed by the company are covered by this Policy.

 

Our policy is implemented in the activities that are owned or managed by the Company, for the processing of all personal data and has been handled and prepared by considering the PDPL and other relevant legislation regarding personal data and international standards in this field.

 

3- DEFINITIONS AND ABBREVIATIONS

In this section, the special terms and phrases, concepts, abbreviations, etc. mentioned in the Policy are briefly explained.

  • Company: BOSS4 GAYRIMENKUL İNŞAAT SANAYİ VE DIŞ TİCARET A.Ş.
  • Open Consent: Consent to a specific issue, based on information and free will, without any hesitation, limited only to that transaction.
  • Anonymization: It is to make personal data unrelated to an identifiable natural person or a natural person whose identity is determined by any means, even by matching with other data.
  • Employee: Company Staff.
  • Personal Data Owner (Relevant Person): Real person whose personal data is processed.
  • Personal Data: Any information about an identified or identifiable natural person.
  • Special Personal Data: People's race, ethnicity, political thought, philosophical belief, religion, sect, or other beliefs, disguise and outfit, association, foundation or union membership, health, data on sexual life, criminal conviction, and security measures, as well as biometric and genetic data.
  • Personal Data Process: Acquisition of personal data in fully or partially automated or non-automated ways, provided that it is part of any data recording system, saving, storing, storing, changing, rearranging, disclosing personal data, transferring, taking over, making available, classifying or preventing the use of personal data and any action taken on the data.
  • Data processor: Real or legal person who processes personal data on behalf of the data controller based on the authority given by the data controller.
  • Data controller: Real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
  • Personal Data Protection (PDP) Board: Personal Data Protection Board.
  • Personal Data Protection (PDP) Institution: Personal Data Protection Institution.
  • PDPL: Law on Protection of Personal Data, published in the Official Gazette No. 29677 dated April 7, 2016.
  • Policy: Personal Data Protection and Processing Policy  of BOSS4 GAYRIMENKUL İNŞAAT SANAYİ VE DIŞ TİCARET A.Ş.

 

4- ROLE AND RESPONSIBILITIES

4.1 Senior management

The company management is responsible for the upper supervision of the determination and operation of notification, inspection and enforcement mechanisms in case the Policy, rules and regulations are not complied with.

4.2. Information Systems Directorate

The Human Resources, Financial Affairs departments and the Information Systems Directorate are responsible for the preparation, development, execution and updating of this Policy.

5- LEGAL OBLIGATIONS

Legal obligations under the PDPL within the scope of protection and processing of personal data as data controller are listed below:

5.1. Our obligation for clarification

As the data controller, we have the obligation of Clarification to the Contact Person regarding the following matters;

  • For what purpose your personal data will be processed,
  • Information about our identity, identity of our representative, if any,
  • To whom and for what purpose your processed personal data can be transferred,
  • Our method of collecting data and its legal reason,
  • Rights arising from the law,

As a company, we take care that our policy, which is open to the public, is clear, understandable and easily accessible.

5.2. Our obligation to ensure data security

As the data controller, we take the administrative and technical measures stipulated in the legislation in order to ensure the security of the personal data available to us. Data security obligations and measures are detailed in sections 9th and 10th of this Policy.

 

6- CLASSIFICATION OF PERSONAL DATA

6.1. PERSONAL DATA

Personal data is any information related to a real or identifiable natural person.

Protection of personal data is only related to natural persons, and information belonging to legal persons, which does not contain information about real persons, is excluded from personal data protection. For this reason, this Policy does not apply to the data of legal persons.

 

6.2. Special personal data

Data on individuals' race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, and their costume and costume, association, foundation or union membership, health, sexual life, criminal conviction, and security measures, biometric and genetic data are personal data which have private nature.

7- PERSONAL DATA PROCESSING

7.1. Our principles for processing personal data

We process personal data in accordance with the principles below.

 

7.1.1. Processing in accordance with law and honesty rules

We process personal data in compliance with integrity rules, transparent and within the framework of our Clarification obligation.

 

7.1.2. Keeping personal data accurate and up-to-date when necessary

We take the necessary measures in our data processing procedures to ensure that the processed data is accurate and up to date. We also allow the Personal Data Owner to contact us to update their data and correct any errors in their processed data, if any.

 

7.1.3. Processing for specific, clear and legitimate purposes

As a company, we process personal data within the scope of our legitimate goals, whose scope and content are clearly determined, and determined to continue our activities within the framework of the ordinary flow of legislation and commercial life.

 

7.1.4. Personal data should be linked, limited and measured for the purpose for which they are processed

We process personal data in an open, precise, connected, limited and measured manner.

 

We avoid the processing of personal data that is not relevant or needed to be processed. For this reason, we do not process private personal data unless we have a legal requirement, or we obtain explicit consent when we need to process it.

7.1.5. Retention of personal data as stipulated by legal regulations and during our commercial legitimate interests.

Many regulations in the legislation require that personal data be stored for a certain period of time. For this reason, we keep the personal data we process for the period specified in the relevant legislation or required for the purposes of processing the personal data.

 

In the event that the retention period stipulated in the legislation expires or the purpose of processing disappears, we delete, destroy or anonymize the personal data. Our principles and procedures regarding retention periods are detailed in Article 9.1 of this Policy.

 

Our company takes all necessary administrative and technical measures to protect personal data processed in accordance with the relevant laws and regulations. In accordance with the provisions of Article 5 and 6 of the PDP law, personal data are processed in accordance with the law and the rule of integrity, the accuracy of the data is ensured and updated when necessary. Care is taken to ensure that the data is processed for specific, clear and legitimate purposes, linked to the purpose for which they are processed, limited and metered processing, the time prescribed in the relevant legislation, or the time required for the purpose for which they are processed.

 

7.2. Open consent to be obtained within the scope of processing the data of the Contact Person.

We obtain the explicit consent of the person concerned, except in cases specified in the Law and do not require explicit consent.

7.3. Our purposes for processing personal data

As a company, we process personal data for purposes similar to those listed below, but not limited to those listed above:

 

  • Execution of our activities,
  • To ensure that our obligations are fulfilled within the scope of the contract and within the framework of service standards,
  • Shaping and updating the services to be given to our customers in this context by determining the preferences and needs of our customers,
  • To ensure that our legal obligations are fulfilled as required or required by legal regulations,
  • To conduct market researches and statistical studies,
  • To evaluate job applications,
  • Providing liaison with the people who have a business relationship with the company,
  • To carry out marketing activities,
  • Compliance management,
  • Vendor / supplier / producer management,
  • Advertisement, promotion, announcement
  • Legal reporting,
  • Billing.

7.4. Processing of special quality personal data

Special quality personal data are processed by us, by taking administrative and technical precautions stipulated by the laws and stipulated by the PDP Board, and if there is a clear consent or when required by the legislation.

 

Special personal data on health and sexual life, protection of public health, preventive medicine, medical diagnosis, treatment and care services, since these services can be processed by persons under the obligation to keep secrets or authorized institutions and organizations for the purpose of planning and management of health services and financing, they are not processed by us except for the data of our employees. Such data belonging to our employees can be processed by people stipulated by law.

7.5. Processing of personal data collected through cookies on our website.

We use cookies to improve the functioning and usage of our website and we try to make the time you spend on our website more efficient and enjoyable. In addition, we use some cookies to remember the choices you make on our website, thus providing you with an improved and personalized experience.

 

Your IP address information is collected through cookies on our website. The Company cannot access the information collected through cookies when our in-site use ends.

 

For detailed information about the cookies we use on our website, you can review our “Cookie Policy”.

7.6. Processing of personal data for human resources and employment purposes

As the Personnel Candidate, we process, store and transfer your personal data contained in other documents, such as resumes, diplomas, etc., that you share with us during the application process. Processing, transfer and storage of personal data that you share as a Candidate of Personnel is covered by this Policy.

7.7. Exceptions where explicit consent is not sought in the processing of personal data

In exceptional cases listed below and arising from the law, we can process personal data without explicit consent:

  • Clearly stipulated in the law;
  • If it is necessary to process personal data of the parties of the contract, provided that it is directly related to the establishment or performance of a contract;
  • If data processing is mandatory to establish, exercise or protect a right;
  • To be imperative that we process your data for our legitimate interests as a data controller, without prejudice to fundamental rights and freedoms;
  • It is mandatory to fulfill any legal obligation as a data controller;
  • The person who is unable to explain his consent due to actual impossibility or whose legal consent is not given, is compulsory for the protection of himself or someone else's life or body integrity;
  • The person concerned has been made public by himself.

 

Exceptional cases in which special personal data can be processed without the express consent of the Relevant Person are set out in Article 7.4 of this Policy.

 

In addition, personal information is collected through our websites and cookies and is processed and transmitted in accordance with the conditions stipulated in the Law, limited by our activities.

 

 

8- PERSONAL DATA TRANSFER

8.1. Transfer of personal data domestically (Transfer of personal data to the country)

As a company, we act in accordance with the decisions and regulations envisaged in the PDPL and by the PDP Board regarding the transfer of personal data.

 

Without prejudice to the exceptional circumstances in the legislation, personal data and special data are not transferred to any other real persons or legal entities without the explicit consent of the person's parent or legal representative, in the event that the Person or Person concerned is under the age of 18.

 

In the exceptional cases stipulated by the PDPL and other legislation, in case the Relevant Person or the Relevant Person is under the age of 18, data can be transferred to the administrative or judicial institution or institution authorized by the parent or the legal representative of the Relevant Person, as stipulated in the legislation and bound by limits..

 

In addition, exceptions stipulated by the legislation and in the following cases, data can be transferred without explicit consent;

 

  • In cases described in Article 7.7 of the Policy,
  • In cases listed in 7.4 of the Policy regarding personal data,
  • With the measures taken by the PDP Board and related legislation,
  • Special personal data regarding the health and sexual life of the person concerned

can only be given to individuals or authorized institutions and organizations that are under the obligation to keep secrets for the purpose of protecting public health, preventive medicine, conducting medical diagnosis, treatment and care services, planning and managing health services and financing.,

 

Your personal data could be transferred to the institutions mentioned below for the fulfillment of the purposes subject to this data policy; without being limited to these counts; Our Company's affiliates, group companies, employees, shareholders, partners, service / service providers or third parties, and persons and organizations that control them, law, tax, financial advisors, auditors, Consultant, organization or individuals who receive services or cooperate as a complementary or extension of our company's activities, Authorities such as SGK, Ministries and other official institutions, such as jurisdictions, can be transferred to all public institutions and organizations that are legally authorized in accordance with the terms and purposes stated in the provisions of Article 8 and 9 of the PDPL.

8.2. Transfer of personal data abroad

As a rule, personal data will not be transferred abroad without the explicit consent of the Parent or legal representative of the Person concerned if the Person or Person is under the age of 18. However, 7.4 of this Policy. In cases where one of the exceptions in Articles 7 and 7.7 exists; Personal data can be transferred abroad without the express consent of third parties abroad:

 

  • Availability of PDP board in countries with adequate protection announced by the PDP Board;
  • In cases where there are countries where there is not enough protection, data responsible in Turkey and the foreign country in question are undertaking adequate protection in writing and PDP Board has permission.;

 

 

8.3. Institutions and organizations to which personal data are transferred

Personal data may be transferred to the following institutions and organizations, but not limited to those listed above, in accordance with the terms and purposes set out in Articles 8 and 9 of the Law, according to certain principles and rules;

  • To our suppliers,
  • To our Customers
  • To our business partners and business contacts,
  • To our company affiliates and group companies,
  • Legally authorized public institutions and organizations,
  • Legally authorized private law persons,
  • To the persons or third parties that have received / provided services and to the institutions that supervise them and / or to the consultants, organizations or authorities that cooperate,
  • To our Shareholders

 

 

8.4. Measures we take regarding the transfer of personal data in accordance with law

8.4.1. Technical measures

To protect personal data, but not limited to mentioned below;

  • We make an in-house technical organization to process and store personal data in accordance with the legislation,
  • We establish the technical infrastructure to ensure the security of the databases where your personal data will be stored,
  • We follow the processes of the established technical infrastructure and carry out audits,
  • We determine the procedures for reporting the technical measures and audit processes we take,
  • We update and renew technical measures periodically,
  • We analyze the risky situations and produce the necessary technological solutions,
  • We use virus protection systems, firewalls and similar software or hardware security products and install security systems suitable for technological developments,
  • We employ staffs who are experts in technical issues.

 

8.4.2. Administrative measures

 

To protect personal data, but not limited to mentioned below;

  • We create policies and procedures for accessing personal data, including company and affiliate employees within our company,
  • We inform and educate our employees on the lawful protection and processing of personal data,
  • We record the measures to be taken in cases of unlawful processing of personal data by our Company Employees in the contracts we make with our employees and / or the Policies we create,
  • We monitor the personal data processing activities of the data processors or data processors partners we work with.

 

9- RETENTION OF PERSONAL DATA

9.1. Storage (retention) of personal data for the period required by the relevant legislation or for the purpose for which they are processed.

We retain personal data for the period required by the purpose of processing personal data, provided that the retention periods stipulated in the legislation are reserved.

 

In cases where we process personal data for more than one purpose, if the processing purposes of the data disappear or if the Contact or the Contact is under the age of 18, Upon the request of the parent or legal representative of the Relevant Person, the data is deleted, destroyed or anonymized and stored if there is no obstacle in the legislation to be deleted. Legislative provisions and PDP Board decisions are followed in terms of annihilation, deletion or anonymization..

 

9.2. Measures we take regarding the retention of personal data

9.2.1. Technical measures

  • We create technical infrastructures and related control mechanisms for erasing, destroying and anonymizing personal data,
  • We take necessary precautions to keep personal data securely,
  • We employ employees with technical expertise,
  • We are developing systems for business continuity and emergency plans against possible risks and their implementation,
  • We establish security systems in accordance with the technological developments regarding the storage areas of personal data.

 

9.2.2. Administrative measures

  • We raise awareness by informing our employees about the technical and administrative risks associated with the storage of personal data,
  • In the case of cooperation with third parties for the storage of personal data, we include the provisions regarding the necessary security measures to be taken in the contracts made with the companies with which the personal data is transferred, in order to protect and safe store the personal data transferred.

 

10- SECURITY OF PERSONAL DATA

10.1. Our obligations regarding the security of personal data

In the following cases, we take administrative and technical measures to prevent the use of personal data and according to technological possibilities and implementation costs;

  • To prevent illegal processing,
  • To prevent illegal access,
  • To ensure that it is stored in accordance with the law,

 

 

10.2. Measures we take to prevent illegal processing of personal data

  • We carry out and have the necessary inspections within our company.
  • We train and inform our employees about the processing of personal data in accordance with the law.
  • The activities carried out by our company are evaluated in detail in all business units, and as a result of this evaluation, we process personal data in relation to the commercial activities carried out by the relevant units.
  • In the case of cooperation with third parties for the purpose of processing personal data, we include the provisions regarding the necessary security measures of the persons who process personal data in contracts with companies that process personal data.
  • In case of unlawful disclosure of personal data or in case of data leakage, we inform PDP Board about the situation and conduct the necessary investigations and take measures in this regard.

 

10.2.1. Technical and administrative measures taken to prevent illegal access to personal data

To prevent illegal access of personal data;

  • We employ employees with technical expertise,
  • We update and renew technical measures periodically,
  • We create access authorization procedures within our company,
  • We determine the procedures for reporting the technical measures and audit processes we take,
  • • We create the data recording systems used in our company in accordance with the legislation and periodically inspect them,
  • We create emergency aid plans against possible risks and develop systems for their implementation,
  • We train and inform our employees on access to personal data and empowerment.
  • In collaboration with third parties for activities such as processing and storing personal data we include contracts with companies that provide access to personal data and provisions for taking necessary security measures for people who access personal data.
  • In order to prevent illegal access to personal data, we establish security systems within technological developments. 

10.2.2. Measures we take in case of unlawful disclosure of personal data

We take administrative and technical measures to prevent illegal disclosure of personal data and update them in accordance with our relevant procedures. If we find that the personal data has been disclosed as unauthorized, this is the case for the Person concerned or if the Person is under the age of 18, we create systems and infrastructures to notify the parent or legal representative of the Relevant Person and the PDP Board.

 

In case of an illegal disclosure despite all administrative and technical measures taken, if deemed necessary by the PDP Board, this may be announced on the PDP Board's website or by any other method.

 

 

11- RIGHTS OF THE PERSONAL DATA OWNER

We inform the Personal Data Owner within the scope of our Clarification obligation and we establish systems and infrastructures for this information. We make the technical and administrative arrangements necessary for the Personal Data Owner to exercise his rights regarding your personal data.

 

The Personal Data Owner has the following insight on learning whether or not Personal data has been processed on his personal data:

  • If personal data is processed, to request information about it,
  • To learn the purpose of processing personal data and whether it is used in accordance with its purpose,
  • To know the third parties to whom personal data are transferred domestically or abroad,
  • Requesting correction of personal data if it is incomplete or incorrectly processed,
  • Request the deletion or destruction of personal data in case the reasons requiring the processing of personal data disappear,
  • To request notification of the above mentioned correction, deletion or destruction to third parties to whom personal data are transferred,
  • To object to the emergence of a negative result by analyzing the processed data exclusively through automated systems,
  • To request the removal of the damage in case the personal data is damaged due to the illegal processing of the personal data.

 

 

11.1. Exercise of rights concerning personal data

If the Personal Data Owner requests a request regarding his personal data, a separate method is determined by the PDP Board; It will be sent in written and wet signed form to the address Cihangir Mahallesi Şehit Piyade Er Yavuz Bahar Sokak No: 19 Avcılar İstanbul, or this may be sent to our registered e-mail address at akkustekstil@hs01.kep.tr with a secure electronic signature.

 

Regarding the application containing the explanations about the right that Personal Data Owner will make and demand to use in order to use the rights mentioned above; the requested matter must be clear and understandable, if the requested issue is related to the applicant's person or if someone is acting on behalf of someone else, it must be specially authorized and this authority must be documented. In addition, the application must contain identification and address information, and documents proving its identity must be attached to the application. If the person concerned is under the age of 18, the parent or legal representative must send the application regarding personal data by adding the documents proving the identity of the Person concerned, together with the documents mentioned above.

These requests will be made individually and the requests made by unauthorized third parties regarding personal data will not be evaluated.

 

11.2. Evaluation of the application

11.2.1. Application response time

Requests related to personal data are finalized as soon as possible and in any case not later than 30 (thirty) days free of charge or if the conditions in the tariff to be published by the PDP Board regarding the fee occur.

 

Additional information and documents may be requested during the application or while the application is being evaluated.

 

11.2.2. Our right to reject the application

Applications related to personal data are rejected by justification in the following cases;

  • Processing personal data for purposes such as research, planning and statistics by making it anonymous with official statistics,
  • Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate privacy or personal rights of private life or constitute a crime,
  • Processing of personal data publicized by Personal Data Owner,
  • The application is not based on a justified reason,
  • The application contains a request contrary to the relevant legislation,
  • Failure to comply with the application procedure,

 

11.3. Procedure for the evaluation of the application

In order for the reply period specified in article 11.2.1 of this Policy to begin, requests made must be submitted in written and wet signed form or via electronic signature and KEP (Registered E mail). Or you should send the applicant's identity with corroborative information and documents by other methods determined by the PDP Board. In the event that the Person is under the age of 18, the parent or legal representative must send the application regarding the personal data by adding the documents proving the identity of the Person concerned with the documents mentioned above.

 

If the request is accepted, the relevant transaction is applied and notified in writing or electronically. In case of rejection of the request, the reason is explained and notified to the applicant in written or electronic form.

 

11.4. Right to complain to the Personal Data Protection Board

In cases where the application is rejected, the answer we give is insufficient or there is no response in time; the applicant has the right to file a complaint with the PDP Board within 30 (thirty) days from the date of receipt and in any case 60 (sixty) days from the date of application.

 

12- PRIVACY POLICY

This Privacy Policy provides services related to the www.akkusgrup.com website and includes our policy regarding your personal data In accordance with the Law No. 6698 on Protection of Personal Data ("PDPL") Collection and Processing of Your Personal Data As Data Controller, your personal data, which we request and share with us in a limited and measured manner in connection with the purpose and duration of processing, will be recorded within the framework of the purpose that requires processing again these data will be stored, stored, rearranged and shared with institutions authorized by law to request this personal data. We hereby declare that such data will be transferred, transferred, classified, classified and processed in other ways in the PDPL in cases and conditions stipulated by PDPL. In order to apply for jobs, make requests and suggestions, introduce themselves and follow the user preferences more closely on the Users' Web Site Users acknowledge that they share their personal data that they will share for direct use of the website or to communicate with the Site entirely with their own wishes and express consent in accordance with the Law No. 6698 on Protection of Personal Data. Users acknowledge that this data is requested from them in order to introduce themselves, to provide better service to them, to be informed about their applications or complaints and site activities and innovations, and that traffic information can be processed as a provider during their visit. Your personal data will be shared in the following situations within the scope of the Turkish Commercial Code (TCC), the Turkish Code of Obligations, the Law on Consumer Protection, other relevant laws and regulations, and other relevant legislation To be able to record identity, address and other necessary information for determining the information of the transaction, showing the transaction or arrange all necessary receipts, records and documents in the paper environment, within the scope of the relevant laws and related legislation to keep records and documents for the periods stipulated by law, to ensure transaction security in accordance with relevant regulations. These data can ensure that information retention, reporting, and information obligations stipulated by public institutions and organizations or other authorities are fulfilled. The data can be used for the purposes mentioned above, to evaluate personal data shared during job applications, to store and collect them verbally, in writing or electronically, to the extent permitted by law and related legislation. The data may be transferred to public and private legal entities that are expressly authorized by law, but not limited to the specified institutions. All your personal data that you share with our company will be stored in accordance with Article 12 of the Personal Data Protection Law No. 6698, by respecting the confidentiality principles. Except for the exceptions / exclusions listed in the law, your personal data in question may only share this data with the employees of the company authorized to hold this data, or with the public institutions or organizations authorized to request this data, as required by a legal obligation.

13- COMPANY ENTRY-EXIT AND PROCESSING PERSONAL DATA IN THE COMPANY

In order to ensure security and to maintain operation by our company, In our company buildings (inside and outside), the surveillance activity is monitored with the security camera, and the entrance and exit of the guests are monitored, Personal data are processed in accordance with the Constitution, PDP Law and other relevant legislation. The image records of our visitors are taken to ensure the reliability and increase the service quality of our company through the camera monitoring system at the building, building entrances and inside the building. These records are taken for purposes such as to ensure the safety of our company, visitors and others, and for this purpose they are engaged in data processing. Only a limited number of Company employees have access to the records recorded and stored in the digital environment and declares that the data accessed by the confidentiality commitment will protect the confidentiality. Live camera images can be watched from outside security services. In accordance with Article 12 of the PDP Law, necessary technical and administrative measures are taken to ensure the security of personal data obtained as a result of camera surveillance. The records related to the internet access provided to our guests are processed only to be requested by the authorized public institutions and organizations or to fulfill our legal obligations during the audit processes to be carried out within our Company. Only a limited number of Company employees who have a confidentiality commitment have access to the logs obtained and access these records for use only in the requests or auditing processes from the authorized public institution and organization, and share them with legally authorized persons.

 DELETE AND ANONYMIZE THE PERSONAL DATA

Although it has been processed in accordance with PDPL article 7 and other relevant provisions of the law (Article 138 of the Turkish Penal Code), In the event that the reasons requiring processing disappear, the personal data is blocked or deleted, ex officio by the decision of the company or by the request of the personal data owner. Provisions of other laws regarding the blocking, deletion, destruction or anonymization of access to personal data are reserved. Our company, as deletion or destruction techniques, It can be used to delete personal data, physically destroy personal data, securely delete it from existing software, or turn off access in a way that cannot be recovered again through the company's expert technical personnel or the expert it will negotiate.

15- PUBLISHING AND STORING THE DOCUMENT

This Policy is stored in two different media: printed paper and electronic media.

16- UPDATE PERIOD

This Policy is revised in periods to be determined by the Company and, if necessary, is updated within the framework of the principles determined by the Company through laws and regulations..

17-ENFORCEMENT

This Policy is deemed to have come into force after it has been published on the Company website.