Clarification Statement of Personal Data Protection Law


Definitions

The terms used in this clarification text refer to the following definitions;

Personal Data: Any information relating to an identified or identifiable natural person.

Personal Data Protection Law (“KVKK”):  Personal Data Protection Law No. 6698, which was published in the Official Gazette on April 7, 2016.

Data Processor: The natural or legal person who processes Personal Data on behalf of the data controller, based on the authority given by the data controller.

Data Controller: The natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system.

Relevant Person: The natural person whose personal data is processed.

 

As AD Tanıtım Turizm Org. Teks. Gıda Tic.ve San. İth. İhr. Ltd. Şti ("Our Company"), protecting fundamental rights and freedoms, protecting privacy, ensuring and protecting information security, and respecting ethical values are among our most important principles. Therefore, as part of the fulfilment of our obligation to provide information under Article 10 of the Personal Data Protection Law ("KVKK"), you are provided with the following explanations for your information;

 

 

Data Controller:

With respect to your personal data, the "Data Controller" is AD Tanıtım Turizm Org. Teks. Gıda Tic.ve San. İth. İhr. Ltd. Şti. registered in the Commercial Register of Antalya under the registration number 29056, with the Central Registration System Number 0007011523500015 and the registered office at the address "Güzeloluk Mah. 1879 Sk. No:146 Muratpaşa / ANTALYA".

 

 

Parties whose data is collected

Within the scope of the Personal Data Protection Law, we collect the data of the parties mentioned below who have a business relationship with our company. These are;

· Our employees and employee candidates

· Family members and relatives of our employees and employee candidates,

· Our customers,

· Our suppliers,

· Our consultants,

· Our business partners,

· Our shareholders,

· Our company officials,

· Our company representatives,

· Person(s) with whom we have a contractual relationship and their employees

· Person(s) who are the addressee of legal proceedings,

· Survey participants,

· Our visitors.

 

Data Collected and Processed by Our Company from the Parties

 

Within the scope of Articles 5 and 6 of the Personal Data Protection Law, we collect and process the following data from the parties of our company. These are;

- Information on family and social life,

- Information on education and training,

- Employment information,

- Information on handling inquiries/complaints,

- Information on legal matters,

- Information on ethical values and compliance with laws,

- Financial information,

- Audit information,

- Information on the use of electronic media,

- Information on the goods and services offered and provided

- Information on business activities,

- Information on business and other licenses and permits,

- Information on the security of the physical location,

- Visual and auditory information (photo, camera, sound recordings),

- Telecommunications records,

- Records on the use of e-mail and information system services,

- Login records,

- Union membership information,

- Health records and health information,

- Biometric data

- Information on criminal records.

Data Collection Purposes of Our Company

Within the scope of Articles 5 and 6 of the Personal Data Protection Law, we collect and process data in order to realize our company purposes, which we have stated below, provided that they are limited to the relevant purposes. These are;

 

- Performance of the commercial activities of our company.

- Ability to carry out business processes related to commercial activities,

- Management and execution of relationships with business partners and/or suppliers,

- Technical management of our company's websites,

- Customer management and handling of complaints,

- Follow-up on product surveys and questions you send to our company,

- Performing the necessary work through our business units so that you can benefit from our company's products and services,

- Planning and carrying out sales, marketing and after-sales processes of products and/or services,

- Providing information about the content of products and services,

- Possibility of sending commercial electronic messages by obtaining a separate authorization in accordance with the law,

- Conducting contests, events and other organizations,

- Conducting legal and commercial relations with our company and persons who have business relations with our company, and ensuring the security of these relations,

- Administrative operations for communications carried out by our company,

- Employee administration and management,

- Ensuring the physical security and control of the company's sites,

- Planning logistical activities,

- Carrying out reputational research processes,

- Compliance with ethical values and laws, and execution of legal business and procedures,

- Follow up on contract processes and/or legal requests,

- Planning and executing Human Resources and recruitment processes, and oversee and implement training and development activities,

- Planning and/or implementation of processes in the area of health and/or safety in the workplace,

- Planning and execution of corporate communications and corporate governance activities,

- Execution of information security services,

- Performing financial and/or accounting tracking and auditing activities,

- Establishing and implementing our company's commercial and business strategies,

- Creation and tracking of visitor data,

- For other purposes communicated to the data subject at the time of collection of the data.

- Ensuring compliance with legal obligations as prescribed or required by relevant legislation.

Disclosure of data collected and processed by our company for its purposes.

Your personal data collected by our company under the conditions and purposes of data processing referred to in Articles 8 and 9 of the Personal Data Protection Law may be disclosed to our affiliates, shareholders, business partners (only in anonymous form), legally authorized public bodies and private individuals, as well as other persons within the scope of the above purposes.

Data Collection Method and Legal Reason by Our Company

Personal data may be collected by our company by giving oral, written and/or electronic information to the holders of the personal data in a clear and understandable manner, and when necessary, by oral, written and/or electronic means, in accordance with the law and honesty, in connection with the legitimate purposes clearly stated above, and will be collected, used, recorded, stored and processed on a limited basis within the framework of the principle of proportionality.

We assure that your personal data will not be processed by our company for purposes other than those stated in this information document and will not be disclosed or stored to third parties in the country or abroad.

Retention period of the data collected by our company

Your personal data will be stored for the retention periods specified in the relevant legal provisions, if no period is specified in the relevant legal provisions, in accordance with the practices of our company and the customs of business life or for the period necessary for the above processing purposes. Thereafter, they will be deleted, destroyed or anonymized in accordance with Article 7 of the Personal Data Protection Law.

 

Security of Your Data Collected and Processed by Our Company

 

In order to prevent your personal data from being exposed to unauthorized access, lost or damaged in the environments where they are processed and stored, the technical and administrative measures of the Information Security Management System (ISO Standard 27001 and Good Practice Booklets 27018 and 27701), promoted by our management, the requirements of the Data Protection Management System (Bureau Veritas - Data Protection Technical Standard, BS 10012 Data Protection Personal Information Management System Standard), as well as the requirements of the Personal Data Security Guide published by the Legislative Committee for the Protection of Personal Data, are constantly operated and developed as part of continuous improvement.

Rights of Relevant Person whose Data is Collected and Processed

In accordance with Article 11 of the Personal Data Protection Law, everyone will have the following rights regarding himself/herself by applying to the data controller.

 

a) To know whether personal data are processed or not,

b) If personal data have been processed, to request information about it,

c) To know the purpose for which personal data are processed and whether they are used in accordance with that purpose,

ç) To know the third parties to whom personal data are disclosed in the country or abroad,

d) To request the rectification of personal data in case of incomplete or inaccurate processing,

e) To request the erasure or destruction of personal data under the conditions set forth in Article 7,

f) To request the communication to third parties to whom personal data have been disclosed of the transactions carried out pursuant to letters d) and e),

g) To object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,

ğ) in case of damage due to unlawful processing of personal data, to claim compensation for the damage.

Application methods within the rights of the data subject

 

Pursuant to Article 13(1) of the Personal Data Protection Law , you may submit your request to exercise your above-mentioned rights in accordance with the "Communiqué on the procedures and principles of the request to the data controller" published on March 10, 2018 under number 30356, in the following manner and with the following information.

1. Name and surname of the applicant.

2. If the applicant is a citizen of the Republic of Turkey, the identity number of the Turkish Republic, if not, the citizenship and passport number or, if available, the identity number.

3. The place of residence or the address of the applicant's place of work for service.

4. The e-mail address, telephone or fax number of the applicant.

5. Subject of the request of the applicant.

6. Information and documents related to the request of the applicant.

Application Methods;

1. The applicant may fill in the "application form" personally and send it to the address AD Tanıtım Turizm Org. Teks. Gıda Tic.ve San. İth. İhr. Ltd. Şti.* and deliver it to the Counselling Centre together with a written report in a sealed envelope and with the words "Request for information pursuant to the Personal Data Protection Law'' written on the envelope.

2.The applicant may send a notice to AD Tanıtım Turizm Org. Teks. Gıda Tic.ve San. İth. İhr. Ltd. Şti.* via a notary public, but the note "Request for information pursuant to the Personal Data Protection Law'' should be placed on the notification envelope.

3. With the "Secure Electronic Signature", defined in Law No. 5070 on Electronic Signature, the applicant may personally contact the registered e-mail address of our company adtanitimcorendon@hs05.kep.tr by putting the note "Request for information pursuant to the Personal Data Protection Law'' in the subject part.

 

*  Güzeloluk Mah. 1879 Sk. No:146 Muratpaşa / ANTALYA

 

You can reach our application form regarding your above-mentioned rights here.