General Data Protection

General Data Protection Regulation

YATAY KAPI PENCERE VE SİNEK. İTH. İMAL. İÇ VE DIŞ TİC. LTD.ŞTİ

POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

 

Protection of personal data is of great importance for our company YATAY KAPI PENCERE VE SİNEK. İTH. İMAL. İÇ VE DIŞ TİC. LTD.ŞTİ. and our company shows maximum sensitivity in this regard.

 

Protection of personal data is of great importance for our company YATAY KAPI PENCERE VE SİNEK. İTH. İMAL. İÇ VE DIŞ TİC. LTD.ŞTİ. and our company shows maximum sensitivity in this regard. According to the Constitution of the Republic of Turkey, everyone has the right to demand the protection of their personal data. Regarding the protection of personal data, which is a constitutional right, Company pays due attention to the protection of the personal data of employee candidates, company officials governed by this policy, visitors, employees, shareholders and officials of the institutions with which it cooperates, and third parties, and makes this a company policy. In this context, necessary administrative and technical measures are taken by the Company for the protection of personal data processed in accordance with the relevant legislation.

 

  1. Definitions

Within the scope of this policy;

Data Controller: means YATAY KAPI PENCERE VE SİNEK. İTH. İMAL. İÇ VE DIŞ TİC. LTD. ŞTİ.,

Relevant person/natural person: Personal data subject,

Recording medium: Any environment where personal data is processed wholly or partially automatically or non-automatically provided that it is a part of any data recording system,

Site: Websites at www.sinax.com.tr and  www.sinekliksistemleri.com.tr

Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller,

Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,

Law No. 5651: Law on the regulation of broadcasts made on the Internet and the fight against crimes committed through these broadcasts,

Law No. 6698/PDPL: refers to the law on the protection of personal data.

 

  1. What is the Personal Data Collection Method and its Legal Reason?

In order to carry out our activities, personal data is collected by our Company at a minimum level through different channels and based on legal reasons to ensure compliance with the legislation and Company policies. Personal data can also be processed and transferred for the purposes specified in this Information Text, within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the PDPL, in accordance with the basic principles stipulated by the PDPL.

 

III. In the Light of Which Principles and for What Purpose Is Personal Data Processed?

The principles adopted by the company in the processing of personal data in this Policy are as follows;

 

  • Clarifying and informing personal data owners,
  • Establishing the necessary system for personal data owners to exercise their rights,
  • Taking the necessary measures in the protection of personal data,
  • Processing personal data in accordance with the law and honesty rules,
  • Keeping personal data accurate and up-to-date when necessary,
  • Processing personal data for specific, explicit and legitimate purposes,
  • Processing personal data in connection with the purpose for which they are processed, limited and measured,
  • To act in accordance with the relevant legislation and PDP board regulations in the transfer of personal data to third parties in line with the requirements of the processing purpose,
  • Showing the necessary sensitivity to the processing and protection of sensitive personal data.
  • Keeping personal data for as long as required by the relevant legislation or for the purpose for which they are processed,
  • Collected personal data can be processed by the Company for the following purposes, in accordance with the basic principles stipulated by the PDPL and the principles presented by the company above, and within the personal data processing conditions and purposes specified in Articles 5 and 6 of the PDPL.

 

The personal processing purposes are:

  • It is clearly stipulated in the law for the company to carry out relevant activities regarding the processing of personal data,
  • The processing of personal data by the company is directly related to and necessary for the establishment or performance of a contract,
  • The processing of personal data is mandatory for the Company to fulfill its legal obligations,
  • Provided that the personal data has been made public by you; your processing by the company in a limited way for the purpose of making you public,
  • The processing of personal data by the company is mandatory for the establishment, use or protection of the rights of the company or you or third parties,
  • It is mandatory to process personal data for the legitimate interests of the company, provided that it does not harm your fundamental rights and freedoms,
  • The personal data processing activity by the company is mandatory for the protection of the life or physical integrity of the personal data owner or someone else, and in this case, the personal data owner is unable to express his consent due to actual or legal invalidity,
  • It is stipulated in the laws in terms of special quality personal data other than the health and sexual life of the personal data owner,
  • In terms of sensitive personal data related to the health and sexual life of the personal data owner, protection of public health, preventive medicine, medical diagnosis, treatment and care services, health services and it is processed by persons or authorized institutions and organizations under the obligation of secrecy for the purpose of planning and management of the financing,
  • Planning and execution of corporate sustainability activities,
  • Management of relations with business partners or suppliers,
  • Execution of Emergency Management Processes
  • Execution of Information Security Processes
  • Execution of Employee Candidate / Intern / Student Selection and Placement Processes
  • Execution of Application Processes of Employee Candidates
  • Fulfillment of Employment Contract and Legislative Obligations for Employees
  • Execution of Benefits and Benefits Processes for Employees
  • Execution of Employee Satisfaction and Loyalty Processes
  • Conducting Audit / Ethical Activities
  • Conducting Educational Activities
  • Execution of Access Authorizations
  • Execution of Activities in Compliance with the Legislation
  • Execution of Finance and Accounting Affairs
  • Execution of Company / Product / Services Loyalty Processes
  • Providing Physical Space Security
  • Execution of Assignment Processes
  • Follow-up and Execution of Legal Affairs
  • Conducting Internal Audit / Investigation / Intelligence Activities
  • Execution of Communication Activities
  • Planning of Human Resources Processes
  • Execution / Supervision of Business Activities
  • Execution of Occupational Health / Safety Activities
  • Conducting Business Continuity Ensuring Activities
  • Execution of Logistics Activities
  • Execution of Goods / Services Procurement Processes
  • Execution of Goods / Services After-Sales Support Services
  • Execution of Goods / Services Sales Processes
  • Execution of Goods / Services Production and Operation Processes
  • Execution of Customer Relationship Management Processes
  • Execution of Activities for Customer Satisfaction
  • Conducting Marketing Analysis Studies
  • Execution of Advertising / Campaign / Promotion Processes
  • Execution of Risk Management Processes
  • Execution of Storage and Archive Activities
  • Execution of Contract Processes
  • Execution of Strategic Planning Activities
  • Execution of Logistics Activities
  • Follow-up of Requests / Complaints
  • Ensuring the Security of Movable Property and Resources
  • Execution of Supply Chain Management Processes
  • Execution of Wage Policy
  • Execution of Marketing Processes of Products / Services
  • Ensuring the Security of Data Controller Operations
  • Execution of Investment Processes
  • Execution of Talent / Career Development Activities
  • Providing Information to Authorized Persons, Institutions and Organizations
  • Execution of Management Activities
  • Creating and Tracking Visitor Records

If the processing activity carried out for the aforementioned purposes does not meet any of the conditions stipulated under the PDP law, your explicit consent is obtained by the Company regarding the relevant processing process.

  1. Obtaining and Processing Personal Data
  • Processing of Personal Data of Website Users (Online Visitor) and WIFI Service Users

Users using the site in order to make requests and suggestions; they can submit information such as name, surname, e-mail, message, sector and subject of the form by filling out forms at www.sinax.com.tr and www.sinekliksistemleri.com.tr.

Users accept that they share this personal data on the site completely of their own will. These personal data will only be processed for the purpose of evaluating requests and suggestions made by users.

In addition, “traffic information”, which consists of the IP address of the users visiting the website, the start and end time of the service provided, the type of service used, the amount of data transferred and the subscriber identity information, if any, are processed in accordance with the Law No. 5651.

The company visits its campus physically and processes mobile phone number and traffic information from visitors who want to use wifi, in order to provide this service and to comply with the Law No. 5651 and the relevant Secondary legislation.

  • Processing of Personal Data of Suppliers and Customers:

The company processes the minimum level of personal data belonging to a natural person supplier, supplier employee and/or supplier official for the purpose of monitoring and executing product, service or goods procurement processes. Relevant data (Name, surname, phone and e-mail information) are stored in the CRM environment, exchange environment and company phones.

  • Information about Company Personnel

This information belongs to the employees of the Company and with the express consent of the employees, the minimum level of information required by the relevant law has been obtained and is kept in the personnel files, netsis payroll program and in the common area.

  • While the employees are working, this information is in the personnel file, the information of the leaving employees is kept in accordance with the relevant law and then destroyed.
  • Upon the request of the customers, CV information of our employees is shared with the customers in order for the company to continue its commercial activities and express consent is obtained from the employee.
  • Personal data cannot be stored on telephones, computers and tools etc. that the company embezzles to the employees, in the event that the equipment is returned, all information on the device will be cleared and the employee cannot make any requests for personal data.
  • Applications made to the company over the net are not stored or recorded. Explicit consent is obtained from the candidates who are called for the interview that their CV information will be kept for the relevant period. Applications are filed and destroyed at the end of the deadline.
  • Ensuring the Security of Visitors’ Personal Data and Sharing Personal Data
  • Visual records of visitors and CCTV records are kept in systems that are accessible only to authorized persons and are kept for 30 days and are automatically deleted on the 31st day. These personal data are shared with public institutions and organizations that are legally authorized to request the data, upon request.
  • Except for the image recording, personal data of the visitors are not recorded for visual space security.

 

  1. Security of Personal Data,
  • Personal data mentioned above are kept in the database of the company, in accordance with Article 12 of the Law on the Protection of Personal Data No. 6698, by providing confidentiality and security requirements and are not shared with third parties for commercial purposes.
  • The company takes the following measures as a minimum in order to ensure the security of the personal data you process, to prevent unlawful access and to prevent illegal data processing:
  • It takes hash, encryption, transaction log, access management and physical security measures to ensure that information systems containing personal data are protected against unauthorized access and illegal data processing.
  • The website and all systems containing personal data are protected by a network firewall.
  • The company stores the personal data of online and physical visitors in accordance with the legislation and can share it with the relevant public institutions and organizations upon request. Personal data regarding suppliers can be shared with the Company and relevant public institutions regarding the goods, products or services provided.
  • The rights on the personal data shared with us within the scope of the purposes specified in this Personal Data Protection Policy and the processing methods of personal data are as follows, as they have in accordance with Article 11 of the Law No. 6698:
  • Learning whether personal data is processed or not,
  • If personal data has been processed, requesting information about it,
  • Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
  • Knowing the third parties to whom personal data is transferred at home or abroad,
  • Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
  • Requesting the deletion or destruction of personal data in the event that the reasons requiring it to be processed disappear despite the fact that it has been processed in accordance with the provisions of the PDPL and other relevant laws, and requesting the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
  • Objecting to the emergence of a result against the person himself by analysing the processed data exclusively through automated systems,
  • Requesting the compensation of the damage in case of loss due to unlawful processing of personal data.
  • To exercise these rights, you can always contact us using the contact information on our website. Our Company will conclude the request free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee determined by the Personal Data Protection Board will be charged by us.
  1. Keeping Personal Data Accurate and Up-to-Date
  • Relevant groups of persons whose personal data we process are accurate and up-to-date with the personal data that they share on the Website and/or that they personally provide, and that they receive due to the contractual relationship can exercise their rights over their personal data within the meaning of PDPL, and they have accepted and declared that they know that it is important in terms of other relevant legislation and that the responsibility arising from giving false information will be entirely their own. You can make changes and/or updates of shared personal data by contacting us through our website.

VII. Personal Data Retention Period

Data Category Data Retention Period Data Category Data Retention Period
1- Identity Legal Business Relationship + 10 9- Risk management Legal Business Relationship + 10
2- Communication Legal Business Relationship + 10 10- Finance Legal Business Relationship + 10
3- Location Legal Business Relationship + 10 11- Professional experience Legal Business Relationship + 10
4- Briefness Legal Business Relationship + 10 12- Marketing Legal Business Relationship + 10
5- Legal action Legal Business Relationship + 10 13- Audio and Visual Records Legal Business Relationship + 10
6- Customer Transaction Legal Business Relationship + 10 21- Health Information Legal Business Relationship + 15
7- Physical Space Security 30 days 23- Criminal Conviction and Security Measures Legal Business Relationship + 10
8- Transaction Security Legal Business Relationship + 10

VIII. Deletion, Destruction or Anonymization of Personal Data

  • Personal data processed for the purposes specified in this Personal Data Protection Policy will continue to be anonymized and used by us when the purpose that requires processing according to Article 7/f.1 of Law No. 6698 disappears and after the periods determined by law, according to Article 17 and Article 138 of the Turkish Penal Code.
  • When the storage periods stipulated in the relevant legislation or required by the purpose of processing expire, within the 6-month period foreseen for periodic destruction; anonymizes the personal data it processes by using one or more techniques that are most appropriate for its business processes and activities, among the anonymization methods specified in the guide on deletion, destruction or anonymization of personal data published by the Personal Data Protection Board, and continues to use the data in this way.

 

  1. Changes and Updates to the Policy

The company may make changes or updates in this policy in line with legal regulations and company policy. Relevant people are informed about the new policy text reflecting all these changes and updates on our websites www.sinax.com.tr and www.sinekliksistemleri.com.tr.

 

In the capacity of data controller, YATAY KAPI PENCERE VE SİNEK. İTH. İMAL. İÇ VE DIŞ TİC. LTD.ŞTİ. the issues are publicly available on the website of the PDP institution at www.verbis.kvkk.gov.tr, and it is possible for the Relevant Person / Data Owners to obtain information about

  • Which of the processed personal and special data are processed,
  • For what purposes it is processed,
  • With which recipient group it is shared,
  • For what time it is stored,
  • Which persons’ personal or private data are received and processed,
  • Whether or not transfers are made to foreign countries,
  • With what security measures it is stored,

 

Date of update: 01.07.2021

Revision No      : 21.001

YATAY KAPI PENCERE VE SİNEK. İTH. İMAL. İÇ VE DIŞ TİC. LTD. ŞTİ.