GÜVENSAN TESİS HİZMETLERİ A.Ş.
PERSONAL DATA PROCESSING AND PROTECTION POLICY
INTRODUCTION
Güvensan Tesis Hizmetleri A.Ş. (şirket) olarak müşterilerimiz, tedarikçilerimiz ve çalışanlarımız dahil şirketimiz ile ilişkili gerçek kişilerin kişisel verilerinin Türkiye Cumhuriyeti Anayasası ile 7 Nisan 2016’da yürürlüğe giren 6698 sayılı “Kişisel Verilerin Korunması Kanunu” (KVKK) başta olmak üzere ilgili mevzuata uygun olarak işlenmesi ve verisi işlenen ilgili kişilerin haklarının etkin şekilde kullanılmasının sağlanması önceliğimizdir.
In Güvensan Tesis Hizmetleri A.Ş. (company), it is our priority to ensure that the personal data of real persons associated with our company, including our customers, suppliers and employees, is processed in accordance with the relevant legislation, especially the “Personal Data Protection Law” (KVKK) No. 6698 which came into force on April 7, 2016 under the Constitution of the Republic of Turkey and to ensure exercise of relevant rights by people.
The purpose of this policy is to define implementing rules and obligations to ensure the protection and processing of personal data of company’s employees, customers, potential customers, employee candidates, company shareholders, and company officials, visitors in a manner that is compatible KVKK in cooperation with the employees of the institutions, authorities and the shareholders and third parties.
In this context, for the protection of personal data processed in accordance with the relevant legislation required administrative and technical measures are taken by Güvensan Tesis Hizmetleri A.Ş..
This policy describes our methods for processing, storing, transferring and deleting or anonymizing personal data that is shared during our activities within the framework of the principles set out in KVKK during our commercial, social responsibility, etc. activities.
This policy may be updated from time to time in order to adapt to changing conditions and legislation.
Detailed explanations of the following basic principles will be made, which are adopted by Güvensan Tesis Hizmetleri A.Ş. as data officer and listed below:
Scope
All personal data processed included but not limited to those of employees, customers, potential customers, employee candidates, shareholders, company officials, visitors and of employees, shareholders and officials of the institutions with which Güvensan Tesis Hizmetleri A.Ş. cooperates, and third parties and in short data acquired during our activities and processed by Güvensan Tesis Hizmetleri A.Ş. are covered by this policy.
Personal data protection is only related to real persons and information belonging to legal entities, which does not contain real person information, is excluded from personal data protection. Therefore, this policy does not apply to data belonging to legal entities.
COLLECTION AND PROCESSING OF PERSONAL DATA
In accordance with the “law on protection of personal data ” No6698P as data officer Güvensan Tesis Hizmetleri A.Ş. is entitled to perform any action on your personal data you share with our company in whole or in part, provided it is part of any data recording system either automated or non-automated including acquisition, recording, storage, preservation, modification, reorganization, disclosure, transfer, takeover, making it obtainable, classifying or preventing it from being used.
In accordance with the 4th article of KVKK, Güvensan Tesis Hizmetleri A.Ş. acts in accordance with the following principles in the processing of personal data.
Personal data is processed in accordance with the law and integrity rules. All kinds of personal data processing processes are carried out in accordance with the legislation in force and honesty rules are complied with.
The company provides the opportunity for data owners to update their data and necessary measures are taken to ensure that the data is properly transferred to the databases.
The company devotes its data processing activities for specific, explicit and legitimate purposes in line with its disclosure obligations under the scope of the KVKK and explicitly informs the data owners about these purposes.
Personal data is processed in connection with and limited to the extent necessary for the purpose reported to the data holder at the time it is provided.
Personal data is kept for a period of time, provided that a certain period of time is determined under the legislation in force. If such a period is not determined in the legislation, reasonable retention periods are determined by taking into account the purpose of data use and company procedures and the data is stored in a limited manner. Following the expiration of the said periods, the data is deleted, destroyed or made anonymous in accordance with the company’s procedures.
PURPOSES OF PROCESSING PERSONAL DATA
Your personal data is collected by our company to be processed within the personal data processing requirements and purposes specified in Articles 5 and 6 of the “law on protection of personal data” no.6698 within the framework of carrying out our commercial activities with the aim of determining and implementing the business and commercial strategies of our company in order to provide you with products and services, to carry out our operational activities, to perform the services we provide in accordance with the requirements of the legislation, to fulfill the agreements we have signed with the parties identified above, to perform advertising, promotion and information activities such as promotion and offering of our products and services, , for the improvement of our products and services to analyze and archive our customer portfolio and social media platforms followers /users and our website visitors, to perform the operations of personal affairs of our staff in accordance with human resources policies of our company, to make personal transactions of our personnel in accordance with our company’s human resources policies, for fulfillment of obligations arising from contract of employment and/or legislation for employees of the company, evaluation of job applications, storage of data requested by Judicial and administrative authorities, fulfillment of our reporting and disclosure obligations, providing the legal and commercial security of our company and the persons in business relationship with our company, for providing the legal and commercial security of our company and the persons in business relationship with our company.
In this context, non-specific personal data will be processed subject to the following conditions:
Having the express consent of the data holder,
Clearly prescribing data processing in law
The processing of the relevant data is necessary to protect the life or physical integrity of the person who is unable to disclose his or her consent due to actual impossibility or whose consent is not granted legal validity.
The processing of personal data belonging to the parties to the contract is necessary, provided that it is directly related to the establishment or execution of a contract.
Data processing is mandatory for the data responder to fulfill his / her legal obligation.
The disclosure of personal data by the person concerned
Data processing is mandatory for the establishment, use or protection of a right.
Data processing is mandatory for the legitimate interests of the data holder, provided that it does not harm the fundamental rights and freedoms of the person concerned.
Private personal data may be processed subject to the following conditions.
Having the express consent of the data holder,
Data on health and sexual life, personal data of a private nature to the outside (race or ethnic origin, political opinion, philosophical belief, religion and sect, or other beliefs, costume and dress, association or trade union membership, criminal convictions and security measures, data on biometric and genetic data) prescribed in the legislation to be processed.
In terms of data on health and sexual life for Public Health Protection, preventive medicine, medical diagnosis, treatment and care services, execution, planning and management of health services, financing for the purposes of the institution or authorized persons under confidentiality obligation, except for the data that can be processed by our employees. Such data belonging to our employees can be processed by the persons stipulated in the law.
SECURITY AND STORAGE OF PERSONAL DATA
Our company undertakes to provide all technical and administrative measures to ensure the appropriate level of security to prevent use of the personal data you have shared by unauthorized 3rd parties in violation of the law, prevent unauthorized access and to store in our data structure, internet or any data preservation storage system.
All employees, especially those authorized to access personal data take the necessary actions to inform about their duties and responsibilities within the scope of KVKK. Your personal data, which is stored and protected during the period required for the processing of personal data, may be removed from the company’s data streams by means of deletion, disposal, or anonymity when the legal retention period or the period required for the processing of personal data expires, provided that legal obligations are fulfilled and the retention period stipulated in the legislation expires.
In order for our company to fulfill its obligation to keep your personal data accurate and up-to-date, accurate and up-to-date data must be shared with the company. In the event of any changes in personal data, you may contact our company via the contact information below to ensure that your current data is processed.
TRANSFER OF PERSONAL DATA
The personal data can be transferred by Güvensan Tesis Hizmetleri A.Ş. for the fulfillment of the stated objectives of this policy as a business company to our affiliates, shareholders, customers, law enforcement, public institutions and organizations, suppliers and business partners, to all persons who received the service, or other third parties in country and/or abroad as set forth in articles 8 and 9 of KVKK requirements and objectives.
THE RIGHTS OF THE PERSONAL DATA HOLDER UNDER THE PROTECTION OF PERSONAL DATA ACT NO. 6698
As owners of personal data, you can contact our company to make the following requests about yourself:
- Learning whether personal data is processed,
- Request information if personal data has been processed,
- Learning the purpose of processing personal data and whether they are used in accordance with their purpose,
- To know the third parties from which personal data is transferred at home or abroad
- Request that personal data be corrected if it is incomplete or improperly processed,
- To request the deletion or disposal of personal data within the framework of the conditions stipulated in the 7th article of KVKK,
- Request that transactions relating to the correction, deletion or disposal of personal data be reported to third parties from which personal data is transferred
- Objecting to the emergence of an outcome against the person himself by analyzing the processed data exclusively through automated systems,
- You have the right to claim damages if personal data is damaged due to illegal processing.
You can apply to exercise your rights under this section through our contact information below.
If you are the owner of personal data, and you have the right to use the above-mentioned rights, and you claim the right to use your statements in your application must be clear and understandable and contains subject matter you request or if you are acting on behalf of someone else, you must be specifically authorized and certified, the application must contain identity and address information and It is important that the information/data you share is accurate and kept up-to-date, that the rights on the data can be exercised in the sense of KVKK and other relevant legislation, and that the responsibility arising from the misinformation is entirely yours. In this context, your applications will be completed free of charge within the shortest possible time frame and within 30 days at most. If your applications are not answered by us during this time, or if we reject your application or the content of our response, you may file a complaint with the Personal Data Protection Board.
If there is a cost to fulfill your requests, we may only charge you the fees set out by the Personal Data Protection Board.
GÜVENSAN TESİS HİZMETLERİ A.Ş.
Küçükbakkalköy Mahallesi Sütçüler Sok. No. 4/A Ataşehir/İSTANBUL
Phone: 0(216) 573 22 11
Faks: 0(216) 572 94 35
E-mail: kvkk@guvensantesis.com.tr