As the data controller ALMİN ALÜMİNYUM PROFİL SANAYİ VE TİC.LTD.ŞTİ, all personal data processed within our company are protected within the scope of the relevant national and international legislation provisions, especially the Personal Data Protection Law No. 6698. Our company takes technical and administrative measures in a timely manner to ensure the necessary protection, and in case of any suspicion of violation, it makes the necessary notifications to the relevant individuals, institutions and organizations within the framework of legal provisions as soon as possible.
Within the scope of this clarification text, it is useful to know the meanings of the following concepts.
Explicit consent, within the scope of Directive 95/46 EC, should be understood as a statement of approval given by the data subject freely, with sufficient information on the subject, in a clear manner that leaves no room for hesitation, and limited only to that transaction, to the processing of data about him/her.
Anonymization of personal data means making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.
Data recording system refers to the recording system in which personal data is structured and processed according to certain criteria. The systems in question can be physical or digital. Data can be processed according to more than one criterion within the system in question. For example, data can be recorded and processed based on a registration system based on name and surname, Turkish Republic of Northern Cyprus or place of birth.
Data controller is the person responsible for the processing, transfer, deletion of direct data and other obligations under the law within the scope of Law No. 6698. They are those who determine the purposes and means of processing personal data and are responsible for establishing and managing the data recording system. These persons may be natural persons or legal entities such as public institutions, companies, associations or foundations. Within the scope of this information text, it refers to ALMİN ALÜMİNYUM PROFİL SANAYİ VE TİC.LTD.ŞTİ .
Data processors are real and legal persons who process data on behalf of the data controller. These persons may be employees who process personal data within the framework of the instructions given to them, or they may be a separate natural or legal person determined by the data controller by purchasing services. Any natural or legal person can be both a data controller and a data processor at the same time. For example, while an accounting company is considered a data controller for the data it holds about its own personnel, it will be considered a data processor for the data it holds for its customer companies.
Related person,It refers to the real person whose personal data is processed, that is, the TRAINEE within the scope of this agreement.
Destruction refers to the deletion, destruction or anonymization of personal data.
A. PURPOSES OF PROCESSING OF PERSONAL DATA
As the relevant person, your personal data is processed for the following purposes within the scope of Articles 5 and 6 of Law No. 6698;
• Carrying out internal human resources processes.
• Ensuring internal communication within the company.
• Ensuring the safety of the company, its employees and third parties,
• Conducting statistical studies and making risk assessments.
• To ensure in-house event management.
• Ensuring the management of relationships with business partners or suppliers.
• Conducting demand and complaint management.
• To be able to carry out work and transactions as a result of signed contracts and protocols.
• To transmit to the Authority the necessary information and documents to fulfill the obligations imposed on us in accordance with Law No. 6698.
• To ensure the fulfillment of legal obligations as required or required by legal regulations.
• To contact real and legal persons who have business relations with the company.
• Carrying out operations within the scope of the company's production and marketing policies.
• Making legal reports.
• To provide proof of material and legal facts as evidence in possible disputes that may arise in the future.
• To keep track of the Payroll transactions of the account and identity data in question (kept in the accounting program and kept in the data storage area of the said program).
• To ensure the continuation of internal communication and activities within the Institution, limited to the purpose, with solution partners or third parties and companies regarding reasons such as transportation of your personal data, vehicle supply, business card printing.
• To protect the legal rights of the company or third parties in case of legal conditions.
• To coordinate the identity and contact information of the relevant person's relative and the relevant person in emergency situations.
• Keeping track of entry and exit from work.
• To determine the appropriate personnel for the correction of company vehicles with driver's license and other driver qualification certificates.
• To follow up the training processes.
• Creating intern files.
• To ensure the provision of information and documents requested by public institutions and organizations, especially regulatory and supervisory institutions and organizations, to the relevant institutions.
• To ensure that the requested information and documents are shared with the judicial authorities in line with the requests of the judicial authorities.
The data obtained and processed within the scope of the above purposes and this clarification will be kept by taking the necessary administrative and technical measures for the legal periods and will be destroyed at the end of the periods.
The information and documents requested and processed from interns are as follows; Intern Application Form, ID Photocopy, Criminal Record, Picture, Education and School Information, Contact Information, Family Information and Family Contact Information, Address Information, Health Report, Permission Forms, Incident and detection reports that the Intern is directly or indirectly involved with.
B. LEGAL REASONS REQUIRING STORAGE AND PROCESSING
The data obtained by our company is obtained, processed, stored and destroyed for the specified periods, based on the following legislative provisions. The legal regulations in question are as follows;
• Personal Data Protection Law no. 6698,
• Turkish Code of Obligations no. 6098,
• Public Procurement Law no. 4734,
• Social Security and General Health Insurance Law no. 5510,
• No. 5651 on Regulating Publications Made on the Internet and Combating Crimes Committed Through These Publications The Law,
• Public Financial Management Law No. 5018,
• Occupational Health and Safety Law No. 6331,
• Law No. 4982 on Access to Information,
• Law No. 3071 on the Exercise of the Right to Petition,
• Labor Law No. 4857,
• Pensioner Health Law No. 5434,
• Law No. 6102 Turkish Commercial Code No.
The said law articles are also important in terms of obtaining explicit consent. Personal Data Protection Law No. 6698 5/2.a. According to this clause, personal data may be processed without the explicit consent of the relevant person, if it is clearly provided for by law. Within the scope of the 1st sentence of paragraph 6/3 of the same law, personal data of a special nature, other than data regarding health and sexual life, can be processed without requiring explicit consent if it is stipulated by law.
C. METHODS OF COLLECTING PERSONAL DATA
Your personal data consists of information and documents received within the scope of your dialogues and communication with our company. Reference letters sent to us and the preliminary agreement and contract concluded, internship application forms, online forms filled out on the website, suggestion/complaint form, various contracts, information, documents and application forms obtained from online communication channels, especially e-mail environments, security cameras. , letters, warnings, incident reports and workplace minutes are the main sources of data collection. These data are obtained and processed in accordance with our data policy and Board decisions, taking into account the conditions within the scope of Articles 5 and 6 of the Personal Data Protection Law (KVKK) and the principles included in Article 4. In all these processes, it is aimed to prevent unnecessary data acquisition by taking into account the principles of proportionality and proportionality.
D. TRANSFER OF PERSONAL DATA
As the Data Controller ALMİN ALÜMİNYUM PROFİL SANAYİ VE TİC.LTD.ŞTİ, taking into account the principles stated in Article 4
of Law No. 6698 ,
It is necessary to protect the life or physical integrity of oneself or another person,
• It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or execution of a contract,
• It is mandatory for the data controller to fulfill its legal obligation, It is done by the data subject himself. being made public,
• Data processing is mandatory for the establishment, exercise or protection of a right,
• Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person,
• Protection of public health, preventive medicine, medical diagnosis, treatment. Transfers can be made to third parties and institutions for the execution of care services, planning and management of health services and their financing, provided that the conditions stated in Articles 8 and 9 of the KVKK and the measures determined by the Board are taken. The data in question is the relevant personnel of our company, company managers, the domestic servers we use, persons and organizations that process data on behalf of the data controller and provide measurement, targeting and profiling support, lawyers, auditing companies, business and solution partners, suppliers, judicial authorities, regulators. and can be shared with supervisory institutions and official authorities.
Among the processed data, data in the form of name, surname, telephone, address and health reports can be shared with overseas servers and data centers used by communication, storage and communication programs that transfer data online.
Although the country where data is transferred varies in terms of foreign servers and data centers used by communication, storage and communication programs that transfer data online, the headquarters of Google and Microsoft Based Online applications is the United States, and Yandex's headquarters is Russia. Again, in terms of WhatsApp application, the center in question is the United States, while in terms of Telegram, it is Russia.
E. STORAGE AND DESTRUCTION POLICY OF PERSONAL DATA
Although it has been processed in accordance with the provisions of this Law and other relevant laws, personal data will be deleted, destroyed or anonymized by us ex officio or upon the request of the relevant person, in case the reasons requiring processing are eliminated. In accordance with paragraph 7/2 of Law No. 6698, it has been accepted that the relevant articles of law will be taken as basis in determining storage periods and destruction dates, without prejudice to the provisions written in other laws. For this reason, legal retention periods and statute of limitations must be taken into account when determining the destruction period of each data to be destroyed.
Although our KVKK destruction policy is explained in detail at https://www.alminprofil.com.tr/ KVKK-1.html under the KVKK Destruction Policy title, your Personal Data will be kept for a maximum of 10 years following the end of the legal relationship. During the first destruction period after the end of the storage period, the data is deleted, anonymized or destroyed by personnel dedicated exclusively to this task on behalf of the data controller, based on the Personal Data Protection Law and KVKK destruction regulations. These destruction processes are recorded and the minutes are kept for 3 years.
F. RELATED PERSON RIGHTS
Your rights as the relevant person whose data is processed are written as follows in Article 11 of Law No. 6698;
• You can find out whether we process personal data about you, and if we do or have processed personal data, you can request information about it.
• You can learn the purpose of processing your personal data and whether they are used for their intended purpose.
• You can find out whether your personal data is transferred domestically or abroad and to whom it is transferred.
• You may request that your inaccurate or incomplete personal data be corrected and that the recipients to whom this data has been or may have been transferred be informed.
• You can request that your personal data be destroyed (deleted, destroyed or anonymized) within the framework of the conditions stipulated in Article 7 of the KVKK. However, by evaluating your destruction request, we will evaluate which method is appropriate according to the circumstances of the concrete case. In this context, you can always request information from us about why we chose the destruction method we chose.
• You may request that third parties to whom your personal data has been or may be transferred be informed about your destruction request.
• You can object to the results of your personal data analysis, which were created exclusively using an automated system, if these results are contrary to your interests.
• If you suffer damage due to unlawful processing of your personal data, you can request compensation for the damage.
As the data controller, we are obliged to process and evaluate the applications made by the relevant person in accordance with Law No. 6698. Your requests in your Personal Data Breach Application will be finalized free of charge within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost for the Company, the fee specified in the Communiqué on the Procedures and Principles of Application to the Data Controller may be charged by the Personal Data Protection Board.
If an application is made and the application is rejected by the company, you have the right to apply to the Personal Data Protection Board within thirty days from the date you receive the rejection decision. If no notification is made to you, as the Data Controller, within 30 days, an application can be made to the Board within 30 days from the date of thirty days. In order to avoid confusion regarding application periods, it is useful to look at the Decision of the Personal Data Protection Board dated 24.01.2019 and numbered 2019/9 on the Calculation of the Application to the Data Controller and Complaint Periods to the Board, the decision in question is as follows;
• If the data controller responds to the application made by the relevant person within 30 days, the relevant person can file a complaint within 30 days following the response of the data controller, and in this respect, in such cases, the relevant person does not have 60 days from the date of application to the data controller,
• The application made by the relevant person If no response is given by the data controller, the relevant person may file a complaint with the Board within 60 days from the date of application to the data controller,
• Considering that if the data controller responds to the application made by the relevant person after the 30-day period granted to the data controller in the Law, the relevant person is not obliged to wait for the response to be given after the 30-day period granted to the data controller in the Law and can file a complaint with the Board upon the expiration of the period granted to the data controller. The person can complain to the Board within 60 days from the date of application to the data controller, not 30 days from the date the data controller responds to him/her. You can submit
your application regarding the processing of your personal data by filling out the application form available on the Company's website or by following Article 5 of the Communiqué on the Procedures and Principles of Application to the Data Controller. You can do so by the following methods, provided that you comply with the procedures and principles specified in the article:
• In writing and signed by a notary or registered
mail • By e-mail sent from your registered e-mail (KEP) address
• By secure electronic signature or mobile signature
• By notification to your e-mail address.
• By making a notification on 0312 267 58 80
, it will be beneficial not to lose the registration numbers given to you for the above notifications in terms of file and transaction tracking, and you will be able to give feedback to the notifications made to us using the same method or registered mail.
In order to make an application, the information of the Data Responsible is as follows:
Title: ALMİN ALÜMİNYUM PROFİL SANAYİ VE TİC. LTD. ŞTİ.
Mersisno: 0-0550-4031-2600017
E-mail address: bilgiislem@alminprofil.com.tr
Postal Address: ASO 1. Org. Singing. Region. Dagestan Cad. No:9 Sincan/ANKARA
Tel: 0312 267 58 80
If the data in question is obtained contrary to procedures and laws, it will be reported to the board as soon as possible in accordance with Article 12 of the KVKK. The shortest time to understand is 2 72 hours.
G. UPDATE AND COMPLIANCE
The Company reserves the right to make changes to this Policy and other policies related to this Policy due to changes made in the Law, in accordance with the decisions of the KVK Board or in line with developments in the sector or the field of informatics.
Changes made to this Policy are immediately incorporated into the text and explanations regarding the changes are explained at the end of the Policy.
You can access the complaint form you can make to our company, the complaint form you can make to the KVK Institution, and this clarification text and KVKK Policies from the following link(s); You can reach https:// www.alminprofil.com.tr/ KVKK-1.html .
------------------------Footnotes------------------
1-a) Compliance with the law and the rules of honesty.
b) Being accurate and up to date when necessary.
c) Processing for specific, clear and legitimate purposes.
ç) Being related to the purpose for which they are processed, limited and proportionate.
d) To be kept for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.
2- With the decision of the Personal Data Protection Board dated 24.01.2019 and numbered 2019/10;
Paragraph (5) of Article 12 of the Law states: "In case the processed personal data is obtained by others through illegal means, the data controller shall notify this situation to the person concerned and the Board as soon as possible..." The expression "as soon as possible" in the provision should be interpreted as 72 hours, and in this context, the data controller should notify the Board without delay and within 72 hours at the latest from the date of learning of this situation, and following the determination of the persons affected by the data breach by the data controller, the relevant persons should be notified as soon as possible. Within the period, if the contact address of the relevant person can be reached, notification will be made directly, or if not, notification will be made by appropriate methods such as publishing it on the data controller's own website,
Address
ASO 1.Organized Industrial Zone Dagestan Cd. No:9 Sincan / ANKARA / TURKEY
