1. PURPOSE and SCOPE
Personal data security is undoubtedly the most important subject of the recent global legal regulations in the field of fundamental rights and freedoms. A Regulation that entered into force in 2016 in the EU in the field of confidentiality/privacy of personal information owned by each individual, regardless of their legal or social status, has also affected our country, which is in the process of membership negotiations. As a result, the issue of personal data in our country first gained a constitutional guarantee with the Referendum in 2010, and then the Personal Data Protection Law No. 6698 was adopted in 2016.
UÇ Defence Electronics Engineering Manufacturing Manufacturing Manufacturing Manufacturing Co. Ltd. Şti. (UÇ SAVUNMA or "Company"), we attach importance to the protection of personal data, sensitive personal data and confidential information that we process. For this reason, as the Data Controller as the Company, we apply adequate, measured and necessary administrative and technical measures to process such data and information in accordance with the Personal Data Protection Law No. 6698 ("Law") by using, recording, storing, storing, updating, transferring and / or classifying such data and information limited to our business purposes, as described in this policy document.
This Privacy Policy covers information and data processed by the Company on site or remotely, physically or electronically in all data processing media and tools. The Privacy Policy covers all means of providing visibility, control and assurance, such as all layered disclosure texts, disclosure texts, policies and guidelines produced by the Company.
2. BASIC CONCEPTS
Explicit consent: Consent on a specific subject, based on information and expressed with free will
Anonymisation: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data
Relevant person The natural person whose personal data is processed
Relevant user: Natural or legal persons who process personal data within the organisation of the data controller or in accordance with the authorisation and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data
Personal data: Any information relating to an identified or identifiable natural person
Processing of personal data: Any operation performed on personal data such as obtaining, recording, storing, retaining, modifying, reorganising, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system
Committee: The person responsible for monitoring all personal data processes carried out by the Company, its units and employees, checking whether the policies are complied with, and carrying out personal data processes on behalf of the Company, which is established within the Company in accordance with the "KVK Committee Duties and Responsibilities Directive"
Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data
Data processor: A natural or legal person who processes personal data on behalf of the data controller based on the authorisation granted by the data controller
Data recording system: The recording system in which personal data are structured and processed according to certain criteria
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system
3. IDENTITY OF THE DATA CONTROLLER
The Company has the status of "Data Controller" towards all natural persons with whom it contacts and processes personal data while carrying out its corporate activities and is obliged to fulfil the obligations arising from the law. The Company fulfils these obligations through the visibility, control and assurance tools it produces and implements, and through administrative measures and technical measures at an appropriate and measured level.
Title :
UC DEFENCE ELECTRONICS ENGINEERING ENGINEERING MANUFACTURING REPRESENTATION TRADING AND SAN. LTD. ŞTI.
Address :
Ergazi Mah. 1819.Cad. Teknosite No:1 Kat:4 Yenimahalle/Ankara/Turkey
Our Websites:
https://ucsavunma.com
Telephone :
+90 312 250 51 00
e-mail (for KVK) :
4. DATA SUBJECTS WHOSE PERSONAL DATA ARE PROCESSED
The Company generally and intensively processes the data of the data subjects within the scope of this Privacy Policy and other administrative and technical measures. In the processing of personal data of natural persons outside these categories, the Company's data processing policies, especially this Privacy Policy, will be complied with. The categories of natural persons whose personal data are processed are as follows:
EMPLOYEE, OTHER (CUSTOMER EMPLOYEE), SUPPLIER EMPLOYEE, OTHER (PUBLIC OFFICIAL), OTHER (REAL PERSON), PRODUCT OR SERVICE RECIPIENT, INTERN , VISITOR, OTHER (INTERNET SITE VISITOR), OTHER (USER), POTENTIAL PRODUCT OR SERVICE PURCHASER, PROSPECTIVE EMPLOYEE, SUPPLIER (AUTHORISED)
5. PURPOSES OF PROCESSING PERSONAL DATA
The personal data of the data subjects processed by the Company, to be fully and directly related to the Company's activities and the commercial, business or legal connection with the data subject;
GENERAL PURPOSES
Execution / Supervision of Business Activities, Execution of Information Security Processes, Ensuring Security of Physical Space, Ensuring Security of Data Controller Operations, Execution of Audit / Ethical Activities, Providing Information to Authorised Persons, Institutions and Organisations, Execution of Management Activities, Execution of Storage and Archive Activities, Execution of Goods / Service Sales Processes, Execution of Communication Activities, Execution of Access Authorisations, Execution of Employee Candidate Application Processes, Follow-up and Execution of Legal Affairs, Execution of Contract Processes, Creation and Follow-up of Visitor Records, Execution of Employee Benefits and Benefits Processes, Execution of Employee Candidate / Intern / Student Selection and Placement Processes, Execution of Activities in accordance with the Legislation, Planning Human Resources Processes, Execution of Business Continuity Activities, Execution of Performance Evaluation Processes, Fulfilment of Obligations Arising from Employment Contract and Legislation for Employees, Execution of Supply Chain Management Processes, Execution of Finance and Accounting Affairs, Execution of Employee Satisfaction and Loyalty Processes, Execution of Training Activities, Execution of Goods / Service Procurement Processes, Execution of Occupational Health / Safety Activities, Execution of Assignment Processes, Execution of Marketing Processes of Products / Services, Execution of Emergency Management Processes, Organisation and Event Management, Execution of Advertising / Campaign / Promotion Processes
SPECIAL AIMS
Carrying out Project Activities, Ensuring Data Security, Ensuring Legal, Technical and Commercial Business Security, Protection of Products, Secrets and Rights Subject to Intellectual and Industrial Property (such as trademarks, patents and copyrights), Limiting / Authorising Access to Units Requiring Special Security Measures, Benefiting from Incentives, Making Official Notifications to Public Institutions, Fulfilling Obligations Against Public Audits, Performing Correspondence with Public / Private Sector, Conducting Intellectual and Industrial Property Related Transactions, Improving Service Quality, Managing Quality Control Processes, Performing Certification and Certification Procedures, Fulfilling Obligations against Certification Body (Third Party) Audit, Fulfilling Obligations against Customer (Second Party) Audits, Managing Maintenance / Repair Processes, Providing Technical Support, Managing Cloud Accounts, Managing Corporate E-mail Accounts, Keeping Internet Access Records, Obtaining Hosting Services, Operating Internet Sites, Monitoring and Controlling Portable Electronic Devices, Ensuring the Security of Facilities, Providing Instant Communication, Making Video Conference Calls, Keeping Log Records, Completing Documents, Updating Information, Communicating via Electronic Channels, Following Information and Support Requests and Complaints, Receiving Opinions and Suggestions, Providing Remote Working Opportunities, Processing Website Cookie Records, Tracking Working Hours, Providing Access to Corporate E-mail Traffic and Communication Content, Managing Electronic Devices, Making Execution Deductions, Following Litigation Processes, Providing Clothing, Technical Equipment and Equipment, Paying Salaries, Conducting Interview Processes, Conducting Procedures Regarding Internship Personnel Files, Receiving and Evaluating Internship / Vocational Training Applications, Measuring Employee Performance, Searching for Personnel Online, Conducting Procedures Regarding Premium Incentives, Managing Goods and Service Procurement, Conducting Procedures Regarding Subcontractor Employees, Conducting Examinations, Conducting Human Resources Processes, Calculating Wages, Taxes and Deductions and Preparing Monthly Payroll, Creating and Keeping Personnel Files, Obtaining Commitments, Conducting In-Service Training Activities, Making Payments, Protecting the Health of Employees, Conducting Disciplinary Procedures, Conducting Procedures Regarding Overtime Work, Conducting Life / Health Insurance Procedures, Conducting Resignation / Retirement Procedures, Accessing and controlling the information of users in electronic environment, Carrying out the Leave Procedures of Employees, Carrying out Severance and Notice Pay Procedures, Carrying out Compulsory Private Pension Procedures, Fulfilling İŞKUR Obligations, Fulfilling the Identity Notification Obligation, Fulfilling the Recruitment Processes, Carrying out Membership Procedures to National and International Organisations, Fulfilling Temporary Assignments, Communicating with Reference Persons in CVs, Executing Short-Term Working Transactions, Printing Business Cards, Making Promotions, Conducting On-the-Job Training, Executing Business Processes Related to Professional Organisations, Opening Current Account Registration, Executing Current Account Reconciliation Transactions, Issuing Invoices, Making Collections, Performing Material Acceptance and Exit Transactions, Executing Accounting Records and Transactions, e-Invoice, e-Archive Invoice, e-Waybill etc. Receiving Private Integrator Service for the Conversion and Storage of Electronic Documents, Paying Advances, Executing Movable (Fixture) Transactions, Meeting Travel and Accommodation Expenses, Preparing Tax Declarations within the Deadline, Providing Social / Economic Benefits, Providing Social / Economic Benefits, Attendance Right, Wage, Making Bonus etc. Payments, Providing Economic Support, Fulfilling SSI Obligations, Executing Tax / Legal Deduction Procedures, Keeping Health Records, Conducting Examinations, Fulfilling the Obligation to Record and Notify Work Accidents, Receiving and Placing Orders, Conducting Market Price Research and Obtaining Bids, Participating in Fairs, Creating Customer Records, Carrying out Representation and Hospitality Operations, Carrying out Executive Assistant Activities, Carrying out Subscriber and Membership Operations, Organising Meetings, Increasing the Level of Representation Abroad, Carrying out Document Operations, Providing Tickets, Informing About Products, Brands and Their Contents, Fulfilling Processes Related to Warehouse Registration, Counting and Management, Promoting Through Electronic Channels (Social Media), Informing the Public, Raising Awareness, Ensuring Delivery of Products to Customers
6. CATEGORIES OF PERSONAL DATA PROCESSED and LEGAL REASONS FOR PROCESSING
Your personal data may be processed primarily based on the condition of "explicit consent" as stated in Article 5 of the Law. Also mentioned in the same article,
"Explicitly stipulated in the law"
Fulfilment of the requirements of the contract to which you are a party, based on the legal reason of "establishment or performance of the contract",
Fulfilment of legal obligations stipulated in the relevant legislation, such as responding to the requests of courts and public institutions and organisations requesting information-documents, based on the legal reason that "the data controller can fulfil its legal obligation",
"publicised by the person concerned",
To be a means of proof in possible disputes based on the legal reason of "establishment, use or protection of a right", to receive legal counselling and technical support
Provided that it does not harm the fundamental rights and freedoms of the data subject, it can be processed "without seeking explicit consent" based on the legal reasons that data processing is mandatory for the "legitimate interests" of the data controller.
The categories of data of each data subject person group and the legal grounds on which their data are processed are listed below.
6.1 EMPLOYEE DATA
As the Company, we process the data of these persons in the categories of Identity, Contact, Transaction Security, Personal, Other Information, Professional Experience, Visual and Audio Recordings, Location, Physical Space Security, Legal Transaction, Finance, Customer Transaction, Risk Management, Biometric Data, Health Information, Criminal Conviction and Security Measures, Philosophical Belief, Religion, Sect and Other Beliefs, Dress and Attire.
6.1.1 Legal Grounds
1- Turkish Commercial Code No. 6102
2- Law No. 6698 on the Protection of Personal Data Art. 5/f (Legitimate Interest)
3- Law No. 5746 on Supporting Research, Development and Design Activities
4- Implementation and Supervision Regulation on Supporting Research, Development and Design Activities
5- Law No. 4562 on Organised Industrial Zones
6- Article 5/ç of the Law No. 6698 on the Protection of Personal Data (Legal Obligation)
7- Industrial Property Law No. 6769
8- Law No. 5846 on Intellectual and Artistic Works
9- Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications
10- Regulation on Internet Bulk Use Providers
11- Execution and Bankruptcy Law No. 2004
12- Turkish Code of Obligations No. 6098
13- Art. 5/c of the Law No. 6698 on the Protection of Personal Data (Establishment and Execution of the Contract)
14- Labour Law No. 4857
15- Social Security and General Health Insurance Law No. 5510
16- Income Tax Law No. 193
17- Tax Procedure Law No. 213
18- Occupational Health and Safety Law No. 6331
19- Regulation on Occupational Health and Safety Services
20- Regulation on Duties, Authorities, Responsibilities and Training of Workplace Physicians and Other Health Personnel
21- Regulation on Overtime and Overtime Working Regarding the Labour Law
22- Regulation on Private Health Insurances
23- Regulation on Annual Paid Leave
24- Individual Pension Savings and Investment System Law No. 4632
25- Law No. 4904 on Certain Regulations Regarding the Turkish Employment Agency
26- Law No. 1174 on Identity Notification
27- Regulation on Short-time Working and Short-time Working Allowance
28- Unemployment Insurance Law No. 4447
29- Regulation on Part-Time Work After Maternity Leave or Unpaid Leave
30- Regulation on Employment Incentives and On-the-Job Training Programme
31- Decree Law No. 660 on the Organisation and Duties of the Public Oversight, Accounting and Auditing Standards Authority
32- Regulation on the Payment of Wages, Premiums, Bonuses and All kinds of Remuneration of this Nature through Banks
33- Law No. 5174 on the Union of Chambers and Commodity Exchanges of Turkey and Chambers and Commodity Exchanges
34- Regulation on Social Insurance Transactions
35- Regulation on Emergency Situations in Workplaces
36- Regulation on Surveillance and Control of Communicable Diseases
6.2 OTHER (CUSTOMER EMPLOYEE) DATA
As a company, we process the data of these persons in the categories of Identity, Contact, Transaction Security, Personal, Other Information, Physical Space Security, Finance, Customer Transaction.
6.2.1 Legal Grounds
1- Turkish Commercial Code No. 6102
2- Law No. 6698 on the Protection of Personal Data Art. 5/f (Legitimate Interest)
3- Turkish Code of Obligations No. 6098
4- Law No. 6698 on the Protection of Personal Data Art. 5/c (Establishment and Execution of the Contract)
5- Value Added Tax Law No. 6473
6- Decree Law No. 660 on the Organisation and Duties of the Public Oversight, Accounting and Auditing Standards Authority
7- Tax Procedure Law No. 213
6.3 SUPPLIER EMPLOYEE DATA
As a company, we process the data of these persons in the categories of Identity, Communication, Transaction Security, Finance, Personnel, Customer Transaction, Other Information.
6.3.1 Legal Grounds
1- Turkish Commercial Code No. 6102
2- Law No. 6698 on the Protection of Personal Data Art. 5/f (Legitimate Interest)
3- Labour Law No. 4857
4- Decree Law No. 660 on the Organisation and Duties of the Public Oversight, Accounting and Auditing Standards Authority
5- Tax Procedure Law No. 213
6- Turkish Code of Obligations No. 6098
7- Art. 5/c of the Law No. 6698 on the Protection of Personal Data (Establishment and Execution of the Contract)
6.4 OTHER (PUBLIC OFFICIALS) DATA
As a company, we process the data of these persons in the categories of Identity, Contact, Personal, Other Information.
6.4.1 Legal Grounds
1- Law No. 5746 on Supporting Research, Development and Design Activities
2- Implementation and Supervision Regulation on Supporting Research, Development and Design Activities
3- Law No. 4562 on Organised Industrial Zones
4- Law No. 6698 on the Protection of Personal Data Art. 5/ç (Legal Obligation)
5- Art. 5/f (Legitimate Interest) of the Law No. 6698 on the Protection of Personal Data
6.5 OTHER (NATURAL PERSON) DATA
As a company, we process data in the categories of Identity, Contact, Transaction Security, Personal, Other Information, Professional Experience, Finance.
6.5.1 Legal Grounds
1- Article 5/f (Legitimate Interest) of the Law No. 6698 on the Protection of Personal Data
2- Law No. 4562 on Organised Industrial Zones
3- Law No. 6698 on the Protection of Personal Data Art. 5/ç (Legal Obligation)
4- Income Tax Law No. 193
5- Turkish Commercial Code No. 6102
6- Value Added Tax Law No. 6473
7- Tax Procedure Law No. 213
8- Art. 5/c of the Law No. 6698 on the Protection of Personal Data (Establishment and Execution of the Contract)
6.6 PRODUCT OR SERVICE RECIPIENT DATA
As a company, we process the data of these persons in the categories of Identity, Contact, Transaction Security, Personal, Finance, Other Information, Customer Transaction.
6.6.1 Legal Grounds
1- Law No. 6698 on the Protection of Personal Data Art. 5/f (Legitimate Interest)
2- Turkish Commercial Code No. 6102
3- Value Added Tax Law No. 6473
4- Tax Procedure Law No. 213
5- Decree Law No. 660 on the Organisation and Duties of the Public Oversight, Accounting and Auditing Standards Authority
6- Tax Procedure Law General Communiqué No.507
7- Art. 5/c of the Law No. 6698 on the Protection of Personal Data (Establishment and Execution of the Contract)
6.7 INTERN DATA
As the Company, we process the data of these persons in the categories of Identity, Contact, Physical Location Security, Transaction Security, Location, Personal, Professional Experience, Visual and Auditory Records, Other Information, Health Information.
6.7.1 Legal Grounds
1- Law No. 6698 on the Protection of Personal Data Art. 5/f (Legitimate Interest)
2- Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications
3- Labour Law No. 4857
4- Vocational Education Law No. 3308
6.8 VISITOR DATA
As a company, we process the data of these persons in the categories of Identity, Communication, Transaction Security, Physical Space Security.
6.8.1 Legal Grounds
1- Law No. 6698 on the Protection of Personal Data Art. 5/f (Legitimate Interest)
2- Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications
3- Regulation on Internet Bulk Use Providers
6.9 OTHER (INTERNET SITE VISITORS) DATA
As the Company, we process the data of these persons in the categories of Identity, Communication, Transaction Security, Marketing, Other Information, Professional Experience, Visual and Auditory Records.
6.9.1 Legal Grounds
1- Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications
2- Law No. 6698 on the Protection of Personal Data Art. 5/f (Legitimate Interest)
6.10 OTHER (USER) DATA
As a company, we process the data of these persons in the categories of Identity, Communication, Transaction Security, Professional Experience, Visual and Auditory Records.
6.10.1 Legal Grounds
1- Article 5/f (Legitimate Interest) of the Law No. 6698 on the Protection of Personal Data
6.11 POTENTIAL PRODUCT OR SERVICE RECIPIENT DATA
As a company, we process the data in the categories of Identity, Communication, Transaction Security.
6.11.1 Legal Grounds
1- Article 5/f (Legitimate Interest) of the Law No. 6698 on the Protection of Personal Data
6.12 EMPLOYEE CANDIDATE DATA
As a company, we process the data of these persons in the categories of Physical Space Security, Identity, Communication, Transaction Security, Personal, Professional Experience, Visual and Audio Records, Other Information, Health Information, Criminal Conviction and Security Measures.
6.12.1 Legal Grounds
1- Article 5/f (Legitimate Interest) of the Law No. 6698 on the Protection of Personal Data
6.13 SUPPLIER (AUTHORISED) DATA
As a company, we process the data of these persons in the categories of Identity, Personal, Other Information, Physical Space Security, Finance, Communication, Customer Transaction.
6.13.1 Legal Grounds
1- Turkish Code of Obligations numbered 6098
2- Law No. 6698 on the Protection of Personal Data Art. 5/c (Establishment and Execution of the Contract)
3- Law No. 6698 on the Protection of Personal Data Art. 5/f (Legitimate Interest)
4- Turkish Commercial Code No. 6102
5- Decree Law No. 660 on the Organisation and Duties of the Public Oversight, Accounting and Auditing Standards Authority
6- Tax Procedure Law No. 213
7- Value Added Tax Law No. 6473
7. RIGHTS OF THE PERSON CONCERNED
Within the scope of Article 11 of the Law, the Company recognises that the data subject has the right to obtain his/her consent before the data is processed and has the right to determine the fate of his/her data after the data is processed.
In this sense, the relevant persons can apply to the Contact Person;
To learn whether their personal data is processed or not,
Request information if personal data has been processed,
To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
To know the third parties to whom personal data are transferred domestically or abroad,
To request correction of personal data in case of incomplete or incorrect processing,
To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
To request notification of the transactions made pursuant to Articles (5) and (6) to third parties to whom personal data are transferred,
Object to the occurrence of a result to your detriment by analysing the processed data exclusively through automated systems,
In case you suffer damage due to unlawful processing of personal data, you may exercise your right to demand compensation for the damage.
However, individuals do not have any rights regarding anonymised data within the Company. Personal data may be shared with the relevant institutions and organisations as required by the business and contractual relationship, in the event that a legal authority is exercised by the judicial or public authority.
Requests within the scope of the rights listed are made by filling out the Company Application Form completely and sending it to the Contact Person with your wet signature by registered letter with return receipt and photocopies of identity cards (only the front side photocopy for the identity card). You can take a look at the Clarification Text on Personal Data Applications regarding the application process.
8. BASIC RULES TO BE FOLLOWED IN THE PROCESSING OF PERSONAL DATA
When processing the personal data of the data subjects, the Company units and employees shall pay attention to the following basic rules on which the Privacy Policy and other corporate policies are built.
Compliance with the law and honesty rules: The Company checks and inquires whether the personal data collected by itself or shared with it by other parties fulfil the conditions specified in the Law, such as enlightening the data subject, obtaining the explicit consent of the data subject for the processing of data where necessary. It acts in accordance with the rules of honesty while responding to the applications made by the relevant persons for enlightenment, obtaining their explicit consent or for information.
Being accurate and up-to-date when necessary: The Company endeavours to ensure that the personal data it processes and keeps in its databases contain accurate information to the extent permitted by the control mechanisms. It takes care to keep the data up to date as much as possible. It encourages data sources to share accurate information and update it in case of changes. It pays attention to check that the data are accurate and up-to-date during the collection phase.
Processing for specific, explicit and legitimate purposes: The Company processes personal data only for specific, explicit and legitimate purposes specified in this Privacy Policy.
Being relevant, limited and proportionate to the purpose for which they are processed: The Company takes care not to process personal data for any purpose other than the purpose for which they are processed, and when such a need arises, to inform the person concerned and to obtain his/her explicit consent when necessary. It uses the data only for the purpose for which they are processed and to the extent required by the service. It does not process, use or have data used for purposes other than business purposes. When it is necessary to process personal data for another purpose, it is ensured that corrections are made in the relevant compliance tools and control tools under the supervision and approval of the Committee.
Duration Commitment: The Company takes care to retain personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed. The Company retains contractual personal data for the duration of the dispute periods in the relevant Laws and the requirements of commercial and tax law. However, when these purposes disappear, the Company deletes or anonymises the personal data. The duration of the retention of which category of data is determined in the Personal Data Inventory.
Data Reduction: The Company, its units and employees collect data in the categories related to the purpose, in the amount required by the purpose of processing, except for the scope and periods required by the laws and relevant legislation, and take care to process them in their systems as long as necessary.
Deletion and Destruction: The Company keeps the personal data it processes limited to the periods stipulated in the relevant field legislation such as laws, social security, debts, tax and commercial law and/or for the periods required by the purpose of processing. In the event that these periods expire, it deletes, destroys or anonymises the expired personal data in accordance with the Personal Data Storage, Deletion, Destruction and Transfer Policy and under the permission and supervision of the Committee.
Confidentiality and Data Security: The Company takes care to ensure general confidentiality rules and data security in all processes of processing, transferring and storing personal data, and transactions are carried out in accordance with the policy documents and rules established for this purpose. It takes necessary and adequate administrative and technical measures, provided that they are proportionate.
9. TRANSFER OF PERSONAL DATA
As the Company, for the purposes listed below; In accordance with Articles 8 and 9 of the Law, it is transferred to the organisations with which we have a business relationship in accordance with Articles 8 and 9 of the Law, and to domestic and foreign public and private institutions / organisations in the nature of service providers and solution partners whose administrative, legal and technical services we benefit from.
As a data controller, we carry out the necessary controls to the extent possible to ensure that the institutions and organisations with which we share data fulfil their obligations arising from the Law, and we secure the obligations of the parties with data transfer agreements.
9.1. Domestic Transfers
We share personal data with the following domestic data controllers and data processors.
1- Execution of Information Security Processes with IT Companies, Managing Maintenance / Repair Processes, Receiving Technical Support, Tracking Working Hours, Receiving Personnel Attendance Control System Service,
2- Execution of Finance and Accounting Affairs with Banks, Payment of Salaries, Fulfilment of Obligations Arising from Employment Contract and Legislation for Employees, Execution of Goods / Service Procurement Processes, Realisation of Payments,
3- Execution of Finance and Accounting Affairs, Planning of Human Resources Processes, Execution of Transactions Regarding Premium Incentives with SSI Premium Incentives Consultant,
4- Receiving and Evaluating Suggestions for Improving Business Processes with the KVK Law Compliance Consultant, Improving Service Quality, Processing Information, Conducting Activities in Compliance with the Legislation, Receiving Consultancy Services,
5- With the Sworn-in Certified Public Accountant, to carry out the activities in accordance with the legislation, to provide information to the Authorised Persons, Institutions and Organisations, to carry out accounting records and transactions, to fulfil the obligations to the Tax Administration, to carry out commercial book records and transactions, to issue tax returns within the time limit,
6- Follow-up and Execution of Legal Affairs with the Lawyer, Follow-up of Litigation Processes, Execution of Activities in Compliance with Legislation, Managing Relations with Shareholders, Execution of Contract Processes, Execution of Employee Candidate / Intern / Student Selection and Placement Processes,
7- Execution of Activities with Customs Consultancy in accordance with the Legislation, Execution / Supervision of Business Activities, Execution of Customs Consultancy Transactions, Completion of Documents and Transactions for Customs Clearance, Obtaining Documents Providing Convenience in Customs Transactions, Execution of Goods / Service Procurement Processes,
8- Execution of Goods / Service Sales Processes with Customer Institutions / Organisations, Fulfilling Obligations Against Customer (Second Party) Audits,
9- Provision of Physical Space Security with the Security Company, Execution / Supervision of Business Activities, Creation and Follow-up of Visitor Records,
10- Execution of Goods / Service Procurement Processes with Management Consultant, for the purposes of obtaining Consultancy Services,
11- Fulfilment of Obligations arising from the Labour Contract and Legislation for Workplace Health and Safety Service Supplier and Employees, for the purposes of Execution of Occupational Health / Safety Activities,
12- To carry out activities in accordance with the legislation, to carry out financial and accounting affairs, to carry out accounting records and transactions, to carry out tax / legal deduction transactions, to fulfil obligations to the tax administration, to issue tax returns in due time with the Independent Accountant Financial Advisor
9.2. Transfers Abroad
The Company shares your personal data with the following service providers located abroad for the purposes of conducting our website, developing services, conducting office work and operations, providing services to users and visitors, ensuring their satisfaction, meeting their expectations and establishing communication.
1- Execution of Application Processes of Employee Candidates, Execution of Communication Activities, Planning Human Resources Processes, Completing Documents, Realising Recruitment, Execution of Information Security Processes, Execution of Storage and Archive Activities, Execution of Cloud Accounts, Managing Corporate E-mail Accounts, Providing Remote Working Opportunities, Backing Up Data, Using Office Applications, Execution of Goods / Service Sales Processes, Execution of Marketing Processes of Products / Services, To receive support through Remote Desktop Access, to carry out Employee Candidate / Intern / Student Selection and Placement Processes, to carry out the procedures regarding Interns, to create and store Intern / Student Files, to carry out Goods / Service Procurement Processes, to carry out Supply Chain Management Processes, to carry out / supervise Business Activities, Organisation and Event Management, to communicate through Electronic Channels.
2- Execution of Employee Candidate / Intern / Student Selection and Placement Processes, Execution of Communication Activities, Providing Instant Communication, Completing Documents, Sharing Files and Documents, Execution / Supervision of Business Activities, Execution of Customer Relationship Management Processes, Execution of Goods / Service Sales Processes, Execution of Transactions Regarding Interns, Receiving and Evaluating Internship / Vocational Training Applications
3- With Google LLC (Youtube) for the purposes of promoting, informing the public and raising awareness through electronic channels (Social Media)
You can access the privacy policies of each service provider from the following links:
1- Microsoft Corporation Privacy Policy
2- Meta (WhatsApp) Privacy Policy
3- Google LLC (Youtube) Privacy Policy
10. AUDIT, APPLICATIONS AND DATA BREACH NOTIFICATIONS
The Company may have the necessary internal and external audits conducted on the protection of personal data.
The applications made by the relevant persons are answered by the Committee within 30 days at the latest, taking the opinion of the relevant unit.
When the Company is notified of any violation of personal data, it notifies the PDP Board without delay and within 72 hours at the latest from the date of learning of this situation. It also informs the relevant parties and persons in the same way.
11. UPDATE
This policy document is updated when the Company changes the conditions, tools, purposes and scope of personal data processing and when the parties with whom personal data are shared change. Updates made in each article are kept in a separate table.
12. RELATED TOOLS AND RESOURCES
12.1 Relevant Control and Assurance Instruments
Information Security Policy
Personal Data Storage, Transfer, Deletion and Destruction Policy
Mobile Device Management Policy (MCDM)
Clean Desk Clean Screen Policy
Special Categories of Data Policy
Data Subject Applications Directive
Cookie Policy
Layered Lighting and Lighting Texts
Personal Data Inventory
Data Transfer Agreements
Data Processing Agreements
12.2 External Sources
Law No. 6698 on the Protection of Personal Data
KVKK Implementation Guide on the Law on the Protection of Personal Data
KVKK Personal Data Breach Notification Form Guide
KVKK Personal Data Security Guide (Technical and Administrative Measures)
Guidance on the Considerations to be Considered in the Processing of Biometric Data
Recommendations on Personal Data Protection in the Field of Artificial Intelligence
For more information, please contact the Committee.
