1. lang.anasayfa
  2. >
  3. CORPORATE >
  4. PERSONAL DATA PROTECTION POLICY

PERSONAL DATA PROTECTION POLICY

GOAL
The purpose of this policy is Bartın Seramik A.Ş. It has been prepared in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of all kinds of information related to an identified or identifiable natural person with whom (the organization) is in contact, and to regulate the obligations of our organization and the procedures and principles to comply with the management system.

1. SCOPE
This policy covers the real persons whose personal data is processed by our organization, and the real and legal persons who process this data completely or partially automatically or by non-automatic means provided that they are part of any data recording system, and the management system that enables the management of this data.

2. RESPONSIBILITY
Contact Person, Data Processors and All Employees

3. DEFINITIONS AND ABBREVIATIONS
In the implementation of this policy and the Personal Data Management System applied in our organization;

a) Explicit consent: Consent on a specific subject, based on information and declared with free will,
b) Anonymization: Making personal data unidentifiable or unrelated to a natural person, even by matching with other data,
ç) Related person: The real person whose personal data is processed,
d) Personal data: All kinds of information regarding an identified or identifiable natural person,
e) Processing of personal data: Obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making personal data fully or partially automatic or non-automatic, provided that it is a part of any data recording system. All kinds of operations performed on the data such as bringing, classifying or preventing their use,
f) Board: Personal Data Protection Board,
g) Authority: Personal Data Protection Authority,
ğ) Data processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller,
h) Data recording system: The recording system in which personal data are structured and processed according to certain criteria,
ı) Data controller: refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

4. APPLICATION
4.1. Processing of Personal Data
4.1.1. General principles

In our organization, personal data are processed in accordance with the procedures and principles stipulated in the Personal Data Protection Law No.6698, regulations, communiqués, Board Decisions and guides published under this law, and other laws related to the work done in our units.

4.1.2. During the processing of personal data of our organization;
• Within the scope of the principle of compliance with the law; It implements the obligation to comply with the principles established by laws and other legal regulations in the processing of personal data.
• Within the scope of the principle of compliance with the rules of honesty; Personal data are not processed in any way without informing the person concerned. Personal data is not used in a way that causes injustice against the person concerned, it does not exceed the purpose of collection.
• Under the principle of being accurate and up-to-date when necessary; Personal data are kept accurate and up-to-date, as a result of the person concerned is based on personal data. However, our organization always keeps the channels open to ensure that the information of the person concerned is correct and up to date.
• Under the principle of processing for specific, explicit and legitimate purposes; Personal data processing activities are kept clearly understandable by the person concerned. It is clearly defined on which legal processing conditions the personal data processing activities are carried out. It is set out in detail to ensure the determination of the personal data processing activity and the purpose of this activity.
• Under the principle of legitimacy of the purpose; The processed data is kept in connection with the work done and is required for the work done.
• Within the scope of the principle of being related, limited and measured for the purpose of processing; Personal data are not collected for purposes that are not available and intended to be realized later. Personal data is not processed to an extent that is not necessary for the realization of personal data processing. Personal data is collected only for specific purposes and as required and used where the purpose requires.
• Under the principle of retention for the period required by the relevant legislation or for the purpose for which they are processed; The period stipulated in the relevant legislation for the storage of data is complied with, and personal data are kept only for the period required for the purpose for which they are processed. When a data does not need to be stored anymore, that data is deleted, destroyed or anonymized. Personal data are not preserved considering that it can be used again in the future or for any other reason.

4.2. Conditions of processing personal data
In our organization, personal data are not processed without the express consent of the person concerned. However, the processing of personal data belonging to the parties of the contract, provided that it is clearly stipulated in the laws, is obligatory for the protection of the life or body integrity of the person who is unable to explain his consent due to actual impossibility or whose consent is not legally valid, is directly related to the establishment or execution of a contract. necessary for the fulfillment of the legal obligation, it is made public by the person concerned, data processing is mandatory for the establishment, use or protection of a right, data processing is mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not damaged. In case of existence of one of the conditions, it is possible to process personal data without the explicit consent of the person concerned.

4.3. Processing conditions of special quality personal data
Personal data of a special nature, as well as biometric data about individuals' membership in associations, foundations or trade unions, health, criminal conviction and security measures. It is forbidden to process sensitive personal data without the express consent of the person concerned. In our organization, explicit consent is obtained from the relevant person for special data received in accordance with the relevant laws. Personal data other than health is processed without seeking the explicit consent of the person concerned, in cases stipulated by law. However, adequate measures determined by the Board are also taken in the processing of special quality data.

4.4. Deletion, destruction or anonymization of personal data
Despite the fact that it has been processed in accordance with the provisions of this law and other related laws in our organization, in the event that the reasons requiring its processing are eliminated, the personal data shall be ex officio or upon the request of the person concerned, by the data controller, "Deletion, Destruction or Anonymization of Personal Data. It is deleted, destroyed or anonymized according to the “Regulation on the introduction of it. It is implemented with the "Deletion, Destruction or Anonymization of Personal Data Policy".

4.5. Transfer of personal data
In our organization, personal data cannot be transferred without the express consent of the data subject, data transfer issues are arranged between the Data Controllers and the Data Processors in accordance with the subject. The provisions of other laws regarding the transfer of personal data are evaluated separately.

Personal data, however, belong to the parties of the contract, provided that it is explicitly stipulated in the laws, is necessary for the protection of the life or body integrity of the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid, is directly related to the establishment or performance of a contract. Processing of personal data is necessary, mandatory for fulfilling legal obligation, being made public by the person concerned, data processing is mandatory for establishing, exercising or protecting a right, processing data for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed. It can be transferred without the explicit consent of the person concerned in the presence of one of the conditions.

In case of existence of one of the above-mentioned conditions, in the foreign country where personal data will be transferred in case of transfer of personal data abroad; there is adequate protection, a case of lack of adequate protection of those responsible for the data in Turkey and in the relevant foreign country sufficient protection for the presence of and the Board's permission to commit themselves in writing and the person's explicit consent be transferred without seeking abroad.

4.6. Data controller's obligation to inform
In our organization, within the informative texts to the relevant people; Information is given about the identity of the data controller, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method of personal data collection and the legal reason and rights.

Within the scope of the rights of the person concerned, everyone, by applying to our organization, about themselves; To learn whether personal data is processed, To request information if personal data has been processed, To learn the purpose of processing personal data and whether they are used for their purpose, To know the third parties to whom personal data is transferred,
Requesting correction of personal data in case of incomplete or incorrect processing (requesting notification to third parties to whom personal data has been transferred) requesting deletion or destruction of personal data (requesting notification to third parties to whom personal data is transferred), by analyzing the processed data exclusively through automated systems, It has the right to object to the emergence of the result, to demand the compensation of the damage in the event that the personal data is damaged due to unlawful processing.

4.7. Obligations regarding data security
The duties and responsibilities of our organization as a Data Controller are primarily to prevent the unlawful processing of personal data, to prevent unlawful access to personal data and to ensure the preservation of personal data, and all kinds of duties, powers and responsibilities to ensure the level of security determined by the "Contact Person Instruction" defined in.

In addition, all technical and administrative measures required to ensure the appropriate level of security in order to ensure the protection of personal data in our organization have been taken by applying the "Access to Personal Data, Personal Data Security and Privacy Policy".

The procedure to be applied in case the processed personal data is obtained by others illegally is defined.


4.8. Application to the data controller
The person concerned can submit their requests regarding the processed data to our organization in writing or by other methods to be determined by the Board. The requests received are concluded free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board may be charged. Our organization accepts the request or rejects it by explaining its reason and notifies the relevant person in writing or electronically. In case the request in the application is accepted, the requirement is fulfilled.

4.9. Data Controllers Registry
Our organization is registered with the Data Controllers Registry before starting data processing.

Alvit - Bartın Ceramic A.Ş © 2020. All Rights Reserved. URL MEDYA