SVNNA Compressor Personal Data Processing, Protection, Storage and Destruction Policy

Contents

1. Introduction

1.1. Definitions
1.2. Purpose of Personal Data Processing and Destruction Policy
1.3. Scope and Effectiveness of the Policy
1.4. Situations Where Policy and Law Will Not Be Fully or Partially Applicable

2. Rules for the Protection of Personal Data

3. Processing of Personal Data and Sharing with Third Parties

3.1. General Principles in Processing Personal Data
3.2. Personal Data Collection Methods
3.3. Conditions for Processing Personal Data
3.4. Conditions for Processing of Special Personal Data
3.5. Conditions for Transferring Personal Data Domestically
3.6. Conditions for Transfer of Personal Data Abroad
3.7 Purposes of Transfer of Personal Data
3.8 Persons to whom Personal Data is Transferred

4. Types of Personal Data Processed by the Company and Purposes of Processing

4.1. Personal Data Types
4.2. Purposes of Processing Personal Data

5. Data Owner’s Rights and Rules for Using These Rights

5.1. Rights of the Data Owner
5.2. Exercise of Personal Data Owner’s Rights
5.3. Responding to the Data Owner’s Application

6. Personal Data Collection Method and Legal Reason, Deletion, Destruction and Anonymization and Storage Period

6.1. Reasons Requiring Storage and Destruction of Personal Data
6.2. Deletion, Destruction and Anonymization of Personal Data
6.3. Storage Period of Personal Data

Entrance

SVNNA Compressor As (“Company”), in our Company, in accordance with the Personal Data Protection Law No. 6698 (“Law”), the personal data of both the Company personnel and the third real persons whose information is processed are protected and processed in accordance with the law. Our company carefully fulfills its obligations imposed by the legislation in this regard and shows the highest level of sensitivity in this context.

Within the scope of this Personal Data Protection, Processing, Storage and Destruction Policy (“Policy”), there are basic rules regarding how and under what conditions personal data are processed, protected, stored and destroyed within the Company.

Definitions

  • Explicit Consent: Consent regarding a specific subject, based on informed consent and expressed with free will.
  • Personal Data: Any information regarding an identified or identifiable natural person (including but not limited to name-surname, address, TR ID number, telephone number, e-mail).
  • Destruction of Personal Data: Deletion, destruction or anonymization of personal data
  • Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system, It refers to any operation performed on data, such as classifying or preventing its use.
  • Employee: Personnel working on the company payroll.
  • Employee Candidate: Real persons who have applied for a job to our company by any means or have made their CV and relevant information available for review by our company.
  • Supplier / Consultant / Subcontractor: Real persons who supply goods or services to the Company and therefore obtain personal data from the Company.
  • Special Quality Data: Data regarding people’s race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and Genetic data is special personal data.
  • Personal Data Owner: Refers to Company Shareholders, Company Business Partners, Company Officials, Company Personnel and Personnel Candidates, Company Subcontractors, Suppliers, Customers and other Third Parties whose Personal Data is processed.
  • Company: SVNNA Compressor
  • Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is systematically kept (data recording system) is the data controller.
  • Data Processor: A real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

Purpose of Personal Data Processing and Destruction Policy

The main purpose of this Policy is to identify natural persons whose personal data are processed by our Company; to inform them about the process, manner and purposes of collecting, processing, storing, protecting and destroying their personal data, and their rights and methods of exercising their rights in accordance with the Law. In line with the purpose of the policy, it is aimed to ensure full compliance with the legislation in the protection and processing of Personal Data carried out by our Company and to protect the right to privacy and data security of Personal Data Owners.
Scope and Effectiveness of the Policy

The scope of this Policy; All processed personal data of our customers/employees, potential customers/employees, employees of the institutions we cooperate with and other persons whose data we process, provided that they are natural persons. In case of incompatibility between the legislation in force and the Policy, the provisions of the legislation will be applied first.

The Policy, issued and put into effect by SVNNA Compressor, is published on the Company’s website (www.svnnacompressor.com) and made available to relevant persons upon the request of Personal Data Owners.

Situations Where Policy and Law Will Not Be Fully or Partially Applicable

The provisions of this Policy and the Law will not apply in the following cases:

  • Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and obligations regarding data security are complied with,
  • Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,
  • Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime,
  • Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defence, national security, public safety, public order or economic security,
  • Processing of personal data by judicial authorities or enforcement authorities regarding investigation, prosecution, trial or enforcement proceedings,

Provided that it is in accordance and proportionate with the purpose and basic principles of this Policy and the Law, Article 10, which regulates the data controller’s obligation to inform, Article 11, which regulates the rights of the data subject, except for the right to request compensation for damage, and Article 16, which regulates the obligation to register in the Data Controllers Registry, will not be applied in the following cases:

  • Processing personal data is necessary for the prevention of crime or criminal investigation,
  • Processing of personal data made public by the relevant person,
  • Processing of personal data is necessary for the execution of auditing or regulatory duties and disciplinary investigation or prosecution by public institutions and organizations and professional organizations that are public institutions, based on the authority granted by the law,
  • Personal data processing is necessary to protect the economic and financial interests of the State regarding budget, tax and financial matters,

Rules for the Protection of Personal Data

Our Company takes all necessary technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing and access of Personal Data in accordance with the Law and to ensure the preservation of Personal Data. The precautions and precautions taken by our company are stated below, but are not limited to them.

  • Employees are trained and informed about ensuring the security of data and processing it in accordance with the law, in the light of the Law and other legislation and developments therein.
  • Employees and Data Processors are informed that they will not use the personal data they learn in violation of the provisions of the Personal Data Protection Law, that they will not transfer it to third parties, that they will process personal data in accordance with company policies and legislation, that they cannot use it for purposes other than the processing purpose specified in the policies, and that this obligation will continue even if they leave the job. Necessary commitments are taken.
  • Our company uses technological means and implementation costs, taking into account the nature of the data to be protected, in order to prevent personal data from being disclosed, accessed, transferred without care or unauthorized, or any other unlawful access, and to prevent personal data from being stored in secure environments and destroyed, lost or changed for unlawful purposes. It takes technical and administrative measures accordingly.
  • Our company concludes a contract with its business partners, customers and suppliers to whom it has transferred personal data, in order to prevent the unlawful processing of personal data and to ensure that it is processed and stored in accordance with the legislation. In these agreements, in addition to the provisions protecting the confidentiality of data, the purposes, scope and duration of processing of Personal Data are determined, the responsibilities of the parties are clearly regulated, and provisions sanctioning processing activities contrary to the law and contractual provisions are added.
  • In order to prevent unlawful intervention in Personal Data both within the company and externally, data recording environments are protected by various software/hardware and passwords, especially virus protection programs.
  • Data recording environments owned by our company are subjected to security tests by expert organizations at regular intervals, and if a security vulnerability is detected, the vulnerability is eliminated.
  • Access rights to Personal Data are limited and access records are kept.
  • Our company only allows persons who need access to personal data to process personal data in mandatory cases and for their work, and takes the necessary technical and administrative measures to detect unauthorized processing activities.
  • If personal data processed in accordance with the legislation is obtained by others through illegal means, our company carries out the necessary procedures to ensure that this situation is notified to the relevant personal data owner and the KVK Board as soon as possible and takes all precautions to prevent damage.

Processing of Personal Data and Sharing with Third Parties

General Principles in Processing Personal Data

Our company processes personal data in accordance with the provisions and rules set forth in the Personal Data Protection Law No. 6698 (“Law”) and other relevant legislation. Personal data processing principles are determined in the Law. Our company acts in accordance with these principles in every data processing activity.

  • Compliance with Law and Honesty Rules: Our Company processes Personal Data in accordance with the relevant legislation and the requirements of the honesty rule and uses it within these limits.
  • Being Accurate and Up-to-Date When Necessary: Our Company ensures that the Personal Data it processes is accurate and up-to-date, taking into account the fundamental rights and legitimate interests of Personal Data Owners. In this context, it carefully takes into account issues such as determining the sources from which the data is obtained, confirming its accuracy, and evaluating whether it needs to be updated.
  • Processing for Specific, Clear and Legitimate Purposes: Our company clearly and precisely determines the legitimate and lawful purpose of processing personal data. Our company processes personal data in connection with the service it offers and as much as is necessary for them.
  • Being Relevant, Limited and Proportionate to the Purpose for which they are Processed: Our company processes personal data in a manner suitable for the achievement of the specified purposes and avoids the processing of personal data that is not relevant or needed to achieve the purpose.
  • Retention for the Period Envisaged in the Relevant Legislation or Necessary for the Purpose of Processing: Our company retains personal data only for the period specified in the relevant legislation or necessary for the purpose for which they are processed. In this context, our Company first determines whether a period of time is stipulated in the relevant legislation for the storage of personal data, if a period is determined, it acts in accordance with this period, and if a period is not determined, it stores personal data for the period necessary for the purpose for which they are processed. If the period expires or the reasons requiring processing disappear, personal data is deleted, destroyed or anonymized by our Company.

Personal Data Collection Methods

Our Company collects and processes personal data in accordance with the regulations of this Policy, the Law and other relevant legislation, by written, verbal, electronic means, or by physically confronting the Data Owner.

Data collection process; i) Via third party digital channels or software, including the Website, Applications, e-mail, recruitment portals; ii) through means such as contracts, applications, forms, call center, remote support, sales and marketing unit, cookies on the Website, business cards and telephone; or iii) through face-to-face meetings with the Data Owner.

Conditions for Processing Personal Data

Personal data is processed by our company based on one or more of the personal data processing conditions specified in the Law. Our company does not process Personal Data without the explicit consent of the data owner. Our company may process Personal Data without the explicit consent of the data owner, if one of the following conditions exists.

  • Explicitly provided for in the law: Personal data of the data owner can be processed in accordance with the law if it is clearly provided for in the law. For example; Submission of information regarding employees’ salaries upon request of the Tax Office
  • It is Necessary for the Protection of the Life or Physical Integrity of the Person Who Is Unable to Express His Consent Due to Actual Impossibility or whose Consent Is Not Recognized as Legally Valid: Personal Data is processed by our Company without explicit consent in order to protect the life or physical integrity of individuals in cases where the consent cannot be expressed or is not valid. can be processed. For example, in a situation where the person’s consent is not valid due to unconsciousness or mental illness, the Personal Data of the Personal Data Owner may be processed during medical intervention in order to protect life or physical integrity.
  • It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract: For example, obtaining the bank and account information of the creditor party for the payment of money in accordance with the contract.
  • If it is mandatory for the data controller to fulfill its legal obligations: If processing is mandatory for our company to fulfill its legal obligations as the data controller, the personal data of the data owner may be processed. For example, in order to pay a salary to the employee, obtaining the employee’s bank and account information, asking whether he is married, his dependents, whether his spouse is working, and his social security information.
  • Personal Data being made public by the Data Owner himself: In the processing of such data that has been made public by the Personal Data Owners themselves, in other words, which has been disclosed to the public in any way, by our Company, the legal data that must be protected are processed. Since it is accepted that the benefit has disappeared, personal data may be processed for this reason.
  • When data processing is mandatory for the establishment, exercise or protection of a right: Our company may process the Personal Data of Personal Data Owners without seeking explicit consent in cases where data processing is mandatory for the exercise or protection of a legally legitimate right. For example; Using some data for evidence in a lawsuit filed by the employee.
  • It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person [Data Owner]. In such cases, it may process the Personal Data of Personal Data Owners. For example, processing of employees’ personal data to be used as a basis for their promotions, salary increases or social rights, or for the distribution of duties and roles during the restructuring of the business, provided that it does not harm the fundamental rights and freedoms of the employees,

Conditions for Processing of Special Personal Data

Our company strictly complies with the regulations stipulated in the KVK Law in the processing of personal data determined as “special nature” by the KVK Law.

In Article 6 of the Personal Data Protection Law, certain personal data that pose the risk of causing victimization or discrimination when processed unlawfully are designated as “special quality data”. These data; Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.

By our Company in accordance with the KVK Law; Special categories of personal data are processed in the following cases, provided that adequate measures are taken to be determined by the KVK Board:

  • If the personal data owner has explicit consent or
  • If there is no explicit consent of the personal data owner;
  1. Special categories of personal data, other than the health and sexual life of the personal data owner, in cases stipulated by law,
  2. Special personal data regarding the health and sexual life of the personal data owner can only be used by persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing. It is processed by.

Conditions for Transferring Personal Data Domestically

In line with legitimate and lawful Personal Data processing purposes, our Company may provide Personal Data to third parties based on and limited to one or more of the Personal Data processing conditions specified in Article 5 of the Law listed below:

  • If the Personal Data owner has explicit consent;
  • If there is a clear regulation in the law regarding the transfer of Personal Data,
  • If it is necessary to protect the life or physical integrity of the Personal Data owner or someone else and the Personal Data owner is unable to express his/her consent due to actual impossibility or if his/her consent is not given legal validity,
  • If it is necessary to transfer the Personal Data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
    if the transfer of Personal Data is mandatory for our Company to fulfill its legal obligation,
  • If Personal Data has been made public by the Personal Data owner,
  • If Personal Data transfer is mandatory for the establishment, exercise or protection of a right,
  • Provided that the fundamental rights and freedoms of the Personal Data owner are not harmed, Personal Data transfer may be transferred if it is necessary for the legitimate interests of our Company.

Conditions for Transferring Personal Data Abroad

In accordance with Article 9 of the Law, Personal Data, as a rule, cannot be transferred abroad without the explicit consent of the Data Owner. However, Article 3.3 of this Policy. and if one of the situations specified in Article 3.4, in which it is stated that the Data Owner’s consent will not be required, exists, it is possible to transfer Personal Data to third parties abroad without seeking the Data Owner’s explicit consent, under the following conditions:

  • There is adequate protection in the foreign country to which Personal Data will be transferred,
  • In case there is no adequate protection, the data controllers in Turkey and the relevant foreign country must undertake in writing to provide adequate protection and have the permission of the Board.

Without prejudice to the provisions of international agreements, Personal Data may be transferred abroad only with the permission of the Board, after obtaining the opinion of the relevant public institution or organization, in cases where the interests of Turkey or the Data Owner will be seriously harmed.

Purposes of Transfer of Personal Data

The scope of the third parties to whom the transfer is made and the purposes of data transfer are stated below:

  • In order to ensure that the purposes of establishing a business partnership are fulfilled with business partners, including companies from which we receive outsourcing services at home and abroad,
  • In order to ensure that the services that our company procures from external suppliers and that are necessary to carry out our company’s commercial activities are provided to our company,
  • In order to ensure the execution of commercial activities that require the participation of our company,
  • For the planning and auditing purposes of our company’s strategies regarding its commercial activities,
  • In order for our company to carry out its activities within the scope of services to be provided to the customers we serve,
  • For the purposes of designing strategies regarding our company’s commercial activities and auditing in accordance with the legislative provisions regarding our shareholders,
  • For the purpose requested by Legally Authorized Public Institutions and Organizations and relevant public institutions and organizations within their legal authority,
  • For the purpose requested by Legally Authorized Private Legal Persons and related private legal persons within their legal authority,
  • In any case, Article 4.2 of the Policy. It can be shared within the scope of the purposes specified in the article.

Persons to whom Personal Data is Transferred:

Our Company may transfer Personal Data to the following third parties, who may be natural or legal persons, at home or abroad, in accordance with Articles 8 and 9 of the Law, in order to achieve the purposes specified in Articles 3.7 and 4 of this Policy. Our company can transfer personal data to the following groups of people for the purposes specified in this Policy.

  • Consultants
  • Audit Firms
  • Companies from which services are received
  • Collaborating Companies
  • Customers
  • Shareholders
  • Suppliers
  • R&D Management (Managing Company)
  • Banks and Financial Institutions
  • Judicial Authorities and Public Authorities

Types of Personal Data Processed by the Company and Purposes of Processing

Personal Data Types

Identity Information: Clearly belonging to an identified or identifiable natural person; These are data containing information regarding the identity of the Person, processed partially or fully automatically or non-automatically as part of the data recording system. Name-surname, TR ID number, marital status, nationality information, parents’ name-surname, date of birth, gender and other identity information, driver’s license, identity card, passport and other documents containing this information, as well as tax number, SSI number, signature information, vehicle license plate and other information.

Contact Information: Phone number, address, e-mail address, fax number, IP address and other information.

Customer Information: Clearly belonging to an identified or identifiable natural person, processed partially or fully automatically or non-automatically as part of the data recording system; Information obtained and produced about the relevant person as a result of our commercial activities and the operations carried out by our business units within this framework.

Financial Information: Personal data processed regarding information, documents and records showing all kinds of financial results arising from the employee, employer or other commercial relationship that the Company has established with the Relevant Person, as well as bank account number, branch code, bank card information, IBAN number, credit card information, financial profile, credit score, asset data, income information and other information.

Visual and Audio Information: Photographs and camera recordings, sound recordings and all data containing this data and other information.

Personal Information: All kinds of personal data processed to obtain information that will be the basis for the protection of the personal rights of real persons who are in a working relationship with the Personal Data Owner.

Location Information: Information that determines the location of the Relevant Person while using Company vehicles within the framework of the activities and operations of the Company or the companies and institutions with which it cooperates; GPS location, travel data and other information.

Family Members and Relative Information: Family members of the Relevant Person (e.g. spouse, mother, father, child), within the scope of the activities and operations of the Company or the companies and institutions with which it cooperates, or in order to protect the legal and other interests of the Company and the Relevant Person. ) is the identity and contact information of relatives and other persons who can be reached in case of emergency, as defined above.

Special Personal Information: Data specified in accordance with Article 6 of the Law (health data, biometric data)

Request/Complaint Management Information: Personal data regarding the receipt and evaluation of requests or complaints directed to our company.

Purposes of Processing Personal Data

Our company processes Personal Data for certain, clear and legitimate purposes. In this context, Personal Data may be processed for the following purposes:

  • Conducting Employee Candidate/Intern/Student Selection and Placement Processes
  • Carrying out the application processes of employee candidates,
  • Conducting Employee Satisfaction and Dependency Processes
  • Conducting job interviews, evaluating job applications,
  • Establishment, execution and termination of the employment relationship/contract,
  • Ensuring that company employees benefit from the main and subsidiary rights arising from their employment contracts, and evaluating their performance and work,
  • Opening a user account for employees, issuing company ID cards and meal cards,
  • Ensuring transportation organization for company employees,
  • In case of participation in an organization on behalf of the company, creating a participant record,
  • Creating employee training attendance and certificate records,
  • Execution of access authorizations
  • Conducting Performance Evaluation Processes
  • Creating participant registration in events/trainings organized by the company, issuing certificates/participation documents, determining award/gift recipients and delivering awards/gifts,
  • Negotiation, conclusion and execution of contracts,
  • Providing products and services,
  • Providing on-site consultancy services to the customer,
  • Providing technologically based services to customers,
  • Determining the customer’s needs,
  • Customization of offered products and services in accordance with demands; updating and improving due to customer needs, legal and technical developments,
  • Identification of users into the systems, specific to the products and services offered,
  • Providing call center and remote support services, tracking the number of calls and content,
  • Announcement of new or existing products, services and campaigns, carrying out sales and marketing activities,
  • Conducting market research,
  • Creating statistics and analyzing usage,
  • Payment and collection of product, service and service fees, selection of collection method,
  • Establishing contact/communication,
  • Carrying out commercial relations with collaborating companies, suppliers, resellers and service providers,
  • Reporting within the framework of cooperation,
  • Evaluation of the business partnership application process of resellers,
  • Developing the company’s commercial strategies and making plans,
  • Establishing communication for satisfaction measurement surveys,
  • Management of judicial/administrative processes, responding to requests from public institutions, fulfilling legal obligations in accordance with legal regulations, resolving legal disputes,
  • Conducting investor relations,
  • Introducing Company employees, Real Person Resellers/Customers, Resellers/Customer Contacts in social media posts,
  • Ensuring the internal and environmental security of the company and the security of the Website and Applications,
  • Usage analysis of the Website,
  • Creating a personal data inventory,
  • Evaluating and responding to all questions, requests, suggestions, complaints and applications submitted in writing, verbally or electronically, including those regarding personal data.
  • Creating and tracking visitor records
  • Planning and execution of emergency management processes,
  • Planning and execution of the company’s operational risk processes,
  • Execution of other operational activities that may occur,
  • Execution of Information Security Processes,
  • Carrying out Audit / Ethics Activities,
  • Carrying out financial and accounting affairs,
  • Carrying out the marketing processes of products and services,
  • Execution of wage policy
  • Carrying out social responsibility and civil society activities,
  • Carrying out activities aimed at customer satisfaction,
  • Ensuring Physical Space Security,
  • Follow-up and Execution of Legal Affairs,
  • Conducting Marketing Analysis Studies,
  • Execution of Advertising / Campaign / Promotion Processes,
  • Execution of Risk Management Processes,
  • Carrying out storage and archive activities,
  • Execution of contract processes,
  • Handling requests and complaints,
  • Carrying out Talent / Career Development activities,
  • Carrying out management activities,
  • Other

Data Owner’s Rights and Rules for Using These Rights

Rights of Personal Data Owner

Our company informs Personal Data Owners during the collection of personal data in accordance with Article 10 of the KVK Law. In this context, it clarifies the identity of the Company representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the rights of the Personal Data Owner.

Personal data owners can contact our Company to;

  1. Learning whether personal data is being processed or not,
  2. Requesting information if personal data has been processed,
  3. Learning the purpose of processing personal data and whether they are used for their intended purpose,
  4. Knowing the third parties to whom personal data is transferred at home or abroad,
  5. Requesting correction of personal data in case personal data has been processed incompletely or incorrectly and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,
  6. Requesting the deletion or destruction of personal data in case the reasons requiring processing no longer exist, even though it has been processed in accordance with the law and other relevant legal provisions, and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,
  7. Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
  8. In case of damage due to unlawful processing of personal data, they have the right to demand compensation for the damage.

Exercise of Personal Data Owner’s Rights

Personal data owners will be able to submit their requests regarding their rights stated in the Law and quoted above to our company. To apply, you can fill out and submit the Application Form at svnnacompressor.com/en/contact.

As a rule, our company fulfills the applications of data owners free of charge. However, if the requested transaction has an additional cost, the fees in the tariff determined by the Board may be requested from the applicant data owner.

Incomplete application forms will not be processed by our company. Our company may request additional information and documents from the applicant data owner in order to confirm whether the applicant is the personal data owner or to clarify the request if the nature of the request is not clear from the content of the form.

In order for a third party to apply on behalf of the personal data owner, there must be a special power of attorney issued by the personal data owner on behalf of the relevant third party. An explanation of how the application form should be filled is included in the form.

Responding to the Data Owner’s Application

Requests sent via the form will be answered free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request.

In the application; In cases where incomplete or incorrect information is shared, the request is not expressed clearly and understandably, documents supporting the request are not submitted at all or as required, and a copy of the power of attorney is not attached to applications made through proxy, our Company may have difficulty in meeting the requests and delays may occur in the research process. For this reason, it is important to comply with these issues in the use of the rights specified in Article 11 of the Law. Otherwise, our Company will not be held responsible for any delays that may occur.

Our Company’s legal rights are reserved against inaccurate, untrue/unlawful and/or malicious applications.

In cases where the personal data owner’s application is rejected in accordance with Article 14 of the Law, the answer given is insufficient, or the application is not responded to in time; may file a complaint with the Board within thirty days from the date of learning our company’s answer, and in any case within sixty days from the date of application (to the Company).

Deletion, Destruction, Anonymization and Storage Period of Personal Data

Reasons Requiring Storage and Destruction of Personal Data

In case the purpose or secondary purposes of collecting personal data are eliminated, Personal Data is collected by our Company;

  • In order for our company to fulfill its legal responsibilities that have arisen or may arise and in accordance with the measures and / or periods prescribed by law,
  • Data that is intended to be deleted and/or anonymized are; In a way that is not ready for access (“live”) in backup/archive and similar environments for business continuity, data loss prevention and data protection purposes,
  • Data to be destroyed by deletion, destruction or anonymization will continue to be stored until the next periodic destruction date at the latest.

Deletion, Destruction or Anonymization of Personal Data

Without prejudice to the provisions of other laws regarding deletion, destruction or anonymization of Personal Data, our Company deletes Personal Data ex officio or upon the request of the data owner, in case the reasons requiring processing are eliminated, even though it has been processed in accordance with the provisions of this Law and other laws, destroys or anonymizes.

By deleting personal data, this data is destroyed in a way that cannot be used again and cannot be recovered. Accordingly, data is irreversibly deleted from the documents, files, CDs, floppy disks and hard disks in which they are recorded.

Destruction of data refers to the destruction of materials suitable for storing data, such as documents, files, CDs, floppy disks and hard disks, in which the data is recorded, in such a way that the information cannot be retrieved or used again.

By anonymizing the data, it is meant to make the Personal Data unable to be associated with an identified or identifiable natural person, even if it is matched with other data.

Storage Period of Personal Data

Our company stores Personal Data in accordance with the periods stipulated in laws and other legislation. If there is no period regulation in the laws and other legislation regarding how long Personal Data should be stored, Personal Data is processed for a period of time until the purpose of processing Personal Data is achieved when our Company processes that Personal Data, and then it is deleted, destroyed or anonymized.