KVKK Policy

1.Purpose

ARMAK MÜHENDİSLİK VE KALIP SAN.VE TİC.LTD.ŞTİ. during the preservation, processing and transfer of your personal data in accordance with the Personal Data Protection Law No. 6698 (“KVKK”) and the principle of privacy of private life and protection of fundamental rights and freedoms of individuals in accordance with the legislation. As , we act as the data controller and take the necessary precautions. We would like to inform you about these issues.

For this reason, but not limited to the following; Processes regarding the processing, storage and transfer of data of our employees, visitors, business partners, customers, users visiting our website, in short, all personal data we obtain during our activities ………………………………………., Personal Data We do this in accordance with the Protection and Processing Policy (“Policy”).

To protect personal data, we take all administrative and technical protection measures required by the nature of the relevant data in accordance with the legislation and current technology.

2.Scope

Including, but not limited to; Processing, storage and transfer of data regarding our employees, visitors, business partners, customers, users visiting our website, in short, all personal data we obtain during our activities ……………………………………………. All personal data processed by is within the scope of this Policy.

Protection of personal data only concerns real persons, and information belonging to legal entities that does not contain information about a natural person is excluded from personal data protection. Therefore, this Policy does not apply to data belonging to legal entities.

Our policy is that …………………………………………... is owned by or ………………………………………………………………… . It is implemented in all activities related to the processing of personal data, managed by , and has been handled and prepared by taking into account the KVKK and other relevant legislation regarding personal data and international standards in this field.

 

3. DEFINITION AND ABBREVIATIONS

In this section, special terms and expressions, concepts, abbreviations, etc. used in the Policy. is explained briefly.

3.1. Company Name: ARMAK ENGINEERING AND MOLDING SANAYİ VE TİCARET LTD.ŞTİ.

3.2. Explicit Consent: Consent regarding a specific subject, based on information and free will, given in a clear manner that leaves no room for hesitation, and limited only to that transaction.

3.3. Anonymization: Making personal data impossible to attribute to an identified or identifiable natural person in any way, even by matching it with other data.

3.4. Employee: ARMAK ENGINEERING AND MOLDING INDUSTRY AND TRADE LTD.COM.

It refers to its personnel.

3.5. Former Employee : ARMAK ENGINEERING VE KALIP SANAYİ VE TİCARET LTD.ŞTİ.

Refers to personnel who have terminated their employment contract and/or whose employment contract has been terminated.

3.6. Employee Candidate: ARMAK ENGINEERING VE KALIP SANAYİ VE TİCARET LTD.ŞTİ.

Real persons who do not work within the company but are candidates for employment

3.7. Personal Data Owner (Relevant Person): The real person whose personal data is processed. For example, customers, suppliers, visitors, employees, employees and prospective employees

3.8. Personal Data: Any information regarding an identified or identifiable natural person.

3.9. Special Personal Data: Data regarding individuals' race, ethnic origin, political thought, philosophical belief, religion, sect, or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction, and security measures. with biometric and genetic data.

3.10. Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. or any action performed on the data, such as preventing its use.

3.11. Data Processor: Real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

3.12. Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

3.13. Data System: It is a registration system where personal data is structured and processed according to certain criteria.

3.13. KVK Board: Personal Data Protection Board.

3.14. KVK Authority: Personal Data Protection Authority.

3.15. KVKK: Personal Data Protection Law published in the Official Gazette No. 29677 dated April 7, 2016.

3.16. KEP: Registered Electronic Mail address. It is a system that protects all kinds of commercial, legal correspondence and document sharing in the sent form, determines exactly who the recipient is, ensures that the content is not changed, and turns the content into legally valid, safe and definitive evidence.

3.17. Policy ……………………………………………….. Personal Data Protection and Processing Policy.

4. PRINCIPLES ON THE PROCESSING OF PERSONAL DATA

One of the most important issues for our company is to comply with the general principles stipulated in the legislation in the processing of personal data. In this context, our Company, the Constitution and Laws of the Republic of Turkey  and they must act in accordance with the principles listed below in the processing of personal data in accordance with the Personal Data Protection Law.

4.1. Engaging in Personal Data Processing Activities in Compliance with the Law and the Rules of Honesty

Our company, in accordance with Article 4 of the KVK Law, regarding the processing of personal data; In accordance with the law and the rules of honesty; accurate and up to date when necessary; Pursuing specific, clear and legitimate purposes; Personal data processing must be carried out in a limited and measured manner in connection with the purpose. In this context, our Company should take into account the proportionality requirements in the processing of personal data and should not use personal data for purposes other than what is required.

4.2. Ensuring Personal Data is Accurate and Up-to-Date When Necessary

Our company must ensure that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of personal data owners and their own legitimate interests; In this regard, it should take the necessary measures and establish systems to ensure these.

 4.3. Processing for Specific, Clear and Legitimate Purposes

Our company must process personal data for legitimate and legal reasons. Our company must process personal data in connection with the activities it carries out and to the extent necessary. The purpose for which personal data will be processed by our company must be determined before the personal data processing activity begins.

 4.4. Being Related to the Purpose for Processing, Being Limited and Proportionate

Our company should process personal data in a way that is suitable for achieving the specified purposes and should avoid processing personal data that is not relevant or needed to achieve the purpose.

4.5. Storage of personal data as required by legal regulations and for the duration of our commercial legitimate interests. Many regulations in the legislation require personal data to be stored for a certain period of time. For this reason, we keep the personal data we process until the period stipulated in the relevant legislation or necessary for the purposes of processing personal data and the end of the service.

If the storage period stipulated in the legislation expires or the purpose of processing no longer exists, we delete, destroy or anonymize personal data.

5. OUR COMPANY'S OBLIGATIONS REGARDING THE PROTECTION AND PROCESSING OF PERSONAL DATA

 3.1. Obligation to Register in the Data Controllers Registry

 Before our company starts data processing, it must be registered with the Data Controllers Registry within the period determined and announced by the KVK Board.

The following information must be submitted in the application for registration with the Data Controllers Registry:

 (1) Identity and address information of our Company as the data controller and its representative, if any.

 (2) For what purpose personal data will be processed.

 (3) Explanations about the data subject group and groups and the data categories of these persons.

 (4) Recipients or recipient groups to whom personal data may be transferred.

 (5) Personal data intended to be transferred to foreign countries.

 (6) Measures taken regarding personal data security.

 (7) Maximum period required for the purpose for which personal data are processed.

 3.2. Obligation to Inform the Personal Data Owner

During the collection of personal data, our company must inform the personal data owner about the following issues:

(1) The identity of the Group Company and its representative, if any, as the data controller,

 (2) For what purpose personal data will be processed,

 (3) To whom and for what purpose personal data can be transferred,

 (4) Method and legal reasons for collecting personal data,

 (5) Rights of the personal data owner;

  • To learn whether personal data is processed or not,
  • To learn the purpose of processing and whether it is used in accordance with the purpose,
  • Knowing the persons to whom personal data is transferred,
  • Requesting correction in case of incomplete or incorrect processing and deletion of personal data if the conditions are met and forwarding these requests to third parties,
  • To object to the emergence of a result against oneself by analyzing the processed data exclusively through automatic systems,
  • To claim damages in case of loss due to illegal processing. In this context, personal data collection channels should be determined by our Company in order to fulfill its obligation to inform; Regarding these collection activities, the data owner should be enlightened with clarification points and texts that meet the scope and conditions required by the KVK Law; Appropriate processes should be designed accordingly.

5.2. Our obligation to ensure data security

 

In accordance with Article 12 of the KVK Law, our company must take the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the preservation of the data, and to carry out the necessary inspections in this context or should have it done.

6. CLASSIFICATION OF PERSONAL DATA

 

6.1. Personal data: Personal data; It is all kinds of information regarding an identified or identifiable natural person. Protection of personal data only concerns real persons, and information belonging to legal entities that does not contain information about a natural person is excluded from personal data protection. Therefore, this Policy does not apply to data belonging to legal entities.

6.2. Personal data of special nature: Personal data of individuals regarding their race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union memberships, health, sexual life, criminal convictions, and security measures. Biometric and genetic data are special personal data.

  1. TRANSFER OF PERSONAL DATA

7.1. Transfer of personal data domestically

ARMAK ENGINEERING AND MOLDING INDUSTRY AND TRADE LTD.COM. As such, the transfer of personal data must be in accordance with the decisions and regulations stipulated in the KVKK and taken by the KVK Board.

Without prejudice to the exceptional cases in the legislation, personal data and sensitive data will not be transferred by us to other natural persons or legal entities without the express consent of the Relevant Person.

In exceptional cases stipulated by KVKK and other legislation, data may be transferred to the authorized administrative or judicial institution or organization without the express consent of the Relevant Person, in the manner and within the limits stipulated in the legislation.

Special personal data regarding the health and sexual life of the Relevant Person can only be used for the protection of public health, preventive medicine, medical diagnosis, execution of treatment and care services, planning and management of health services and their financing, with the measures stipulated by the KVK Board and the relevant legislation being taken. For the purpose of confidentiality, it may be transferred to persons or authorized institutions and organizations who are under the obligation of confidentiality, without seeking explicit consent.

 

7.2. Transfer of personal data abroad

As a rule, personal data is not transferred abroad without the express consent of the Relevant Person. However, in case of transfer abroad, there must be adequate protection in the foreign country to which personal data will be transferred, and in case there is not sufficient protection, the data controllers in Turkey and the relevant foreign country must undertake adequate protection in writing and the Board's permission will be complied with.

 

7.3. Institutions and organizations to which personal data are transferred

Personal data, including but not limited to;

  1. To our suppliers,
  2. To our business partners and business contacts,
  3. To our subsidiaries and group companies,
  4. To legally authorized public institutions and organizations,
  5. To legally authorized private legal persons,
  6. To our shareholders,
    can be transferred according to the principles and rules explained above.

7.4. Measures we take regarding the legal transfer of personal data

7.4.1. Technical measures

To protect personal data, including but not limited to;

1. All activities carried out by the companies' business units, from collection to deletion of data, must be audited for legal compliance.

2.Makes in-company technical organization for the processing and storage of personal data in accordance with the legislation,

3.Creates the technical infrastructure to ensure the security of the databases where your personal data will be stored,

4. Follows and inspects the processes of the created technical infrastructure,

5.Determines the procedures for reporting the technical measures and audit processes we take,

6. Periodically updates and renews technical measures,

7. Risky situations are re-examined and necessary technological solutions are produced,

8. We use virus protection systems, firewalls and similar software or hardware security products and establish security systems in accordance with technological developments,

9.Accessing data via VPN connections,

10. We employ employees who are experts in technical matters.

7.4.2. Administrative measures

To protect your personal data, including but not limited to;

1. We must inform and train our employees about personal data protection law and the lawful processing of personal data.

  1. Records that impose an obligation not to process, disclose or use personal data in violation of the regulations in the Personal Data Protection Law should be included in the contracts, documents and policies that govern the legal relationship between our company and its employees.

3. Access to personal data should be limited to the relevant Company employee in line with the purpose of processing, and not every employee should have access to all personal data held within the Company.

4. In order to ensure legal compliance determined on the basis of business units, companies should raise awareness and determine implementation rules specific to the relevant business units. Necessary administrative measures should be taken by companies to ensure the control of these issues and the continuity of the application, and policies, procedures and training should be implemented. Audits should be carried out to ensure data security.

8. STORAGE OF PERSONAL DATA

8.1. Storing personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed. We retain personal data for the duration of the products and services required by the purpose of processing personal data, without prejudice to the retention periods stipulated in the legislation.

In cases where we process personal data for more than one purpose, the data is deleted, destroyed or anonymized and stored if the purposes of processing the data are eliminated or there is no obstacle in the legislation to delete the data upon the request of the Relevant Person.

Legislative provisions and KVK Board decisions are complied with regarding destruction, deletion or anonymization.

8.2. Measures we take regarding the storage of personal data

8.2.1. Technical measures

  1. It creates technical infrastructures and related control mechanisms for the deletion, destruction and anonymization of personal data,
  2. Takes the necessary precautions to keep personal data securely,
  3. Employs employees with technical expertise and/or receives support services
  4. Creates business continuity and emergency plans against possible risks and develops systems for their implementation,
  5. We establish security systems in accordance with technological developments regarding the storage areas of personal data.

8.2.2. Administrative measures

  1. We raise awareness by informing our employees about the technical and administrative risks associated with storing personal data,
  2. In case of cooperation with third parties to store personal data, contracts made with the companies to which personal data are transferred; We include provisions regarding taking the necessary security measures for the protection and safe keeping of the transferred personal data of the persons to whom personal data is transferred.

9. SECURITY OF PERSONAL DATA

9.1. Our obligations regarding the security of personal data

Personal data;

  1. To prevent unlawful processing,
  2. To prevent illegal access,
  3. To ensure that it is stored in accordance with the law,
    We take administrative and technical measures according to technological possibilities and implementation costs.

9.2. Measures we take to prevent unlawful processing of personal data

  1. We carry out the necessary inspections within our company and have them carried out,
  2. We train and inform our employees about the legal processing of personal data,
  3. The activities carried out by our company are evaluated in detail for all business units, and as a result of the said evaluation, personal data is processed specific to the commercial activities carried out by the relevant units,
  4. In cases where cooperation is made with third parties for the purpose of processing personal data, in contracts made with companies that process personal data; It contains provisions regarding persons processing personal data to take the necessary security measures,
  5. In case of unlawful disclosure of personal data or data leakage, we notify the KVK Board and carry out the investigations and take measures stipulated by the legislation in this regard.

9.2.1. Technical and administrative measures taken to prevent unlawful access to personal data

To prevent unlawful access to personal data;

  1. Employs employees with technical expertise,
  2. Periodically updates and renews technical measures,
  3. It determines the procedures for reporting the technical measures and audit processes we take,
  4. We create the data recording systems used in our company in accordance with the legislation and periodically audit them,
  5. It creates emergency aid plans against possible risks and develops systems for their implementation,
  6. We train and inform our employees about access to personal data and authorization,
  7. In contracts made with companies that provide access to personal data in cases where cooperation is made with third parties for activities such as processing and storing personal data; It includes provisions regarding taking the necessary security measures for people who access personal data,
  8. We establish security systems within technological developments to prevent unlawful access to personal data.

9.2.2. Measures we take in case of unlawful disclosure of personal data

We take administrative and technical measures to prevent unlawful disclosure of personal data and update them in accordance with our relevant procedures. If we detect that personal data has been disclosed without authorization, we create systems and infrastructures to notify the Relevant Person and the KVK Board about this situation.

In the event of an unlawful disclosure despite all administrative and technical measures taken, if deemed necessary by the KVK Board, this situation may be announced on the KVK Board's website or by another method.

10. DELETION AND DESTRUCTION OF PERSONAL DATA

Your personal data processed within the scope of KVKK will be deleted, destroyed or anonymized in accordance with the decision to be taken by our company or upon the request of the personal data owner, within the scope of the minutes to be kept by the data controller and data processor, in case the reasons requiring processing are eliminated and the legal retention periods have passed.

Provisions in other laws regarding deletion, destruction or anonymization of personal data are reserved.

Our company uses deletion or destruction techniques;

Your data stored electronically is irretrievably deleted and destroyed by the Company's expert technical staff or the expert it has agreed upon.

Your physical documents are destroyed within the scope of the minutes kept by the data controller and data processor. 

 

11. RIGHTS OF PERSONAL DATA OWNER

Personal data owners have the right to request information about their own data, if necessary, by applying in writing or by other methods determined by the KVK Board.

 In this context, Group Companies, in order to evaluate the rights of personal data owners and provide the necessary information to personal data owners, use the necessary application channels, evaluation of applications, internal operation, answering applications within the periods stipulated in the Law and other administrative and administrative procedures in accordance with Article 13 of the Personal Data Protection Law. It must establish and implement procedures and processes regarding technical regulations.

In this context, personal data owners;

  • Learning whether personal data is processed or not,
  • Requesting information if personal data has been processed,
  • Learning the purpose of processing personal data and whether they are used for their intended purpose,

* Knowing the third parties to whom personal data is transferred domestically or abroad,

  • Requesting correction of personal data in case personal data has been processed incompletely or incorrectly and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,
  • Requesting the deletion or destruction of personal data in case the reasons requiring processing no longer exist, even though it has been processed in accordance with the KVK Law and other relevant legal provisions, and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,
  • Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
  • In case of damage due to unlawful processing of personal data, they have the right to request compensation for the damage.

 If personal data owners submit their requests regarding the rights listed above to our Company in writing, our Company must finalize the request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request.

 While the relevant application is being finalized by the Group Companies, information must be provided in a language and format that the person can understand.

 Our company may accept the application or reject it by explaining the reason. In cases where the personal data owner's application is rejected, the answer given is insufficient, or the application is not responded to in due time, the personal data owner may file a complaint with the KVK Board within 30 days and in any case within 60 (sixty) days from the date of application. Necessary warnings should be made and awareness should be provided within the Company about the rights.

11.1. Exercise of rights regarding personal data

Personal Data Owner with our company within the scope of KVKK  If he/she wants to contact, give feedback or manage his/her problems, he/she can send his/her petition containing his/her identity documents and request to Namık Kemal Mah. You can send it to 121.Sk No:30 ESENYURT / İSTANBUL, deliver it through a notary public, or send it to armakmuhendislik@hs01.kep.tr with a secure electronic signature.