As Data Controller ALMİN ALÜMİNYUM PROFİL SANAYİ VE TİC.LTD.ŞTİ , we would like you to know that we take the necessary measures for data security within the scope of our Personal Data Policy with utmost effort to protect your personal data, taking into account the Personal Data Protection Law No. 6698 and other legislation and international agreements. You can access the data security policies and destruction policies we follow in this process under the title of KVKK Destruction Policy on our website under the heading of KVKK.
Within the scope of this clarification text, it is useful to know the meanings of the following concepts.
Explicit consent, within the scope of Directive 95/46 EC, should be understood as a statement of approval given by the data subject freely, with sufficient information on the subject, in a clear manner that leaves no room for hesitation, and limited only to that transaction, to the processing of data about him/her.
Anonymization of personal data means making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.
Data recording system refers to the recording system in which personal data is structured and processed according to certain criteria. The systems in question can be physical or digital. Data can be processed according to more than one criterion within the system in question. For example, data can be recorded and processed based on a registration system based on name and surname, Turkish Republic of Northern Cyprus or place of birth.
Data controller is the person responsible for the processing, transfer, deletion of direct data and other obligations under the law within the scope of Law No. 6698. They are those who determine the purposes and means of processing personal data and are responsible for establishing and managing the data recording system. These persons may be natural persons or legal entities such as public institutions, companies, associations or foundations. Within the scope of this information text, it refers to ALMİN ALÜMİNYUM PROFİL SANAYİ VE TİC.LTD.ŞTİ .
Data processors are real and legal persons who process data on behalf of the data controller. These persons may be employees who process personal data within the framework of the instructions given to them, or they may be a separate natural or legal person determined by the data controller by purchasing services. Any natural or legal person can be both a data controller and a data processor at the same time. For example, while an accounting company is considered a data controller for the data it holds about its own personnel, it will be considered a data processor for the data it holds for its customer companies.
Related person,It refers to the natural person whose personal data is processed, that is, the SUPPLIER within the scope of this contract.
Destruction refers to the deletion, destruction or anonymization of personal data.
A. PURPOSES OF PROCESSING OF PERSONAL DATA
All data obtained, taking into account the restrictions within the scope of Articles 5 and 6 of the Personal Data Protection Law No. 6698, will be processed for the following purposes;
• Ensuring cooperation and communication between companies,
• Maintaining intra-company activities,
• Carrying out internal and external operations of the company in the fields of accounting, finance and marketing,
• Fulfilling obligations arising from legal legislation,
• Execution of the works agreed upon within the scope of partnership agreements with solution partners
• Providing customers with products and services • To be able to provide information about the products and services, to measure their satisfaction through a survey, to evaluate the quality unit production within the company, • To
ensure the safety of our company and employees
, • To ensure the physical space security of products and services,
• To be able to use them as evidence in legal disputes that may arise,
• To ensure the legal, It can be processed for the purposes of ensuring technical and commercial/occupational safety,
• Providing the information and documents requested by public institutions and organizations, especially regulatory and supervisory institutions and organizations, to the relevant institutions,
• Ensuring that the requested information and documents are shared with the judicial authorities in line with the requests of the judicial authorities. .
In this context, your data to be processed are as follows; Name, Surname, E-mail address, Address, Mobile phone number, Telephone number, Transport Vehicle Information and location information about the vehicle, Qualification documents required by the official authorities authorized for transportation, Reference Company Information.
B. METHODS OF COLLECTION OF PERSONAL DATA
Your personal data may be collected from information received within the scope of dialogues and communication with our company, reference letters sent to us and the scope of the preliminary contract and contract concluded, e-mail, mobile communication, mobile applications, suggestion/complaint form, website cookie applications, internet It is collected from the forms filled out and sent to us within the scope of the website. These data are obtained and processed in accordance with our data policy and Board decisions, taking into account the conditions within the scope of Articles 5 and 6 of the Personal Data Protection Law (KVKK) and the principles included in Article 4. In all these processes, it is aimed to prevent unnecessary data acquisition by taking into account the principles of proportionality and proportionality.
C. TRANSFER OF PERSONAL DATA
As the Data Controller ALMİN ALÜMİNYUM PROFİL SANAYİ VE TİC.LTD.ŞTİ, taking into account the principles stated in Article 4
of Law No. 6698 ,
It is necessary to protect the life or physical integrity of oneself or another person,
• It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or execution of a contract,
• It is mandatory for the data controller to fulfill its legal obligation, It is done by the data subject himself. being made public,
• Data processing is mandatory for the establishment, exercise or protection of a right,
• Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person,
• Protection of public health, preventive medicine, medical diagnosis, treatment. Transfers can be made to third parties and institutions for the execution of care services, planning and management of health services and their financing, provided that the conditions stated in Articles 8 and 9 of the KVKK and the measures determined by the Board are taken. Provisions in other legislation are reserved. As the data controller, we are responsible for processing personal data and personal data of special nature to third parties when it is legally obligatory to ensure the interests of third parties in line with their requests, when it is required by the company's purposes, that is, when the company's legitimate interests require it, when the above conditions are met, in line with the fulfillment of obligations towards public institutions, the fulfillment of legal obligations and other purposes. It is possible to transfer it to other people.
•In the light of the above explanations, the data in question is the relevant personnel of our company, company managers, our affiliated companies, our direct / indirect domestic subsidiaries, the organizations we receive service from, the domestic servers we use, the domestic institutions and organizations from which we receive cloud services, those who transfer online data. Domestic servers and data centers used by communication, storage and communication programs, individuals and organizations that process data on behalf of the data controller and provide measurement, targeting and profiling support, lawyers, auditing companies, business and solution partners, suppliers, judicial authorities, regulatory and supervisory institutions. and can be shared with official authorities.
•NAME SURNAME, ADDRESS, CONTACT, LOCATION data from the processed data can be shared with foreign servers and data centers used by communication, storage and communication programs that transfer data online.
•Although the country where data is transferred varies in terms of foreign servers and data centers used by communication, storage and communication programs that transfer data online, the management center of Google and Microsoft Based Online applications is the United States, and Yandex's management center is Russia. Again, in terms of WhatsApp application, the center in question is the United States, while in terms of Telegram, it is Russia.
D. PERSONAL DATA STORAGE AND DESTRUCTION POLICY
Your personal data will be stored as long as our contractual relationship continues, and will be stored for 10 (ten) years following the termination of the contractual or other legal relationship in question, and if required by other legal conditions such as criminal statute of limitations that cause a longer statute of limitations. The work may also be stored beyond this period. During the first destruction period after the end of the storage period, the data stored electronically will be deleted or anonymized, and other data will be destroyed by burning, by the data controller's personnel exclusively dedicated to this task, using methods within the scope of the Personal Data Protection Law and relevant regulations. These destruction procedures will be recorded. You can find detailed explanations about the destruction and storage policies in question and the administrative and technical measures taken under the title KVKK Disposal Policy under the KVKK heading on our website.
E. LEGAL BASIS REQUIRING DATA PROCESSING AND STORAGE
Personal data processed in the institution within the framework of its activities are retained for the period stipulated in the relevant legislation. The laws underlying the processing of data and the storage of data, which is a data processing, are as follows;
• Personal Data Protection Law No. 6698,
• Turkish Code of Obligations No. 6098,
• Law No. 4982 on Access to Information, •
Turkish Commercial Code No. 6102
• Consumer Protection Law No. 6502
• Tax Procedure Law No. 213
• Income Tax Law No. 193
E. DATA
PURPOSES THAT REQUIRE PROCESSING AND STORAGE Purposes based on the exclusive storage of data; Providing the necessary service to the customer, ensuring quality standards, managing the delivery processes of products and services, ensuring communication and evaluating risk policies.
F. RELATED PERSON RIGHTS
Your rights as the relevant person whose data is processed are written as follows in Article 11 of Law No. 6698;
• You can find out whether we process personal data about you, and if we do or have processed personal data, you can request information about it.
• You can learn the purpose of processing your personal data and whether they are used for their intended purpose.
• You can find out whether your personal data is transferred domestically or abroad and to whom it is transferred.
• You may request that your inaccurate or incomplete personal data be corrected and that the recipients to whom this data has been or may have been transferred be informed.
• You can request that your personal data be destroyed (deleted, destroyed or anonymized) within the framework of the conditions stipulated in Article 7 of the KVKK. However, by evaluating your destruction request, we will evaluate which method is appropriate according to the circumstances of the concrete case. In this context, you can always request information from us about why we chose the destruction method we chose.
• You may request that third parties to whom your personal data has been or may be transferred be informed about your destruction request.
• You can object to the results of your personal data analysis, which were created exclusively using an automated system, if these results are contrary to your interests.
• If you suffer damage due to unlawful processing of your personal data, you can request compensation for the damage. Your requests in your Application Subject to Personal Data Violation will be finalized free of charge within
thirty days at the latest, depending on the nature of the request . However, if the transaction requires an additional cost for the Company, the fee specified in the Communiqué on the Procedures and Principles of Application to the Data Controller may be charged by the Personal Data Protection Board. You can make your application regarding the processing of your personal data by filling out the application form on the Company's website or by following the methods specified in Article 5 of the Communiqué on Application Procedures and Principles to the Data Controller: • In writing and signed by a notary public or registered mail • By e-mail sent from your registered e-mail address (KEP) • By secure electronic signature or mobile signature • By notification to your e-mail address • By notification to 0312 267 58 80 It will be beneficial not to lose the registration numbers given to you for the above notifications in terms of file and transaction tracking. and will be able to provide feedback to the notifications made to us by the same method or registered mail. THE DATA CONTROLLER INFORMATION REQUIRED FOR YOU TO MAKE YOUR APPLICATIONS IS AS BELOW; Title: ALMİN ALÜMİNYUM PROFİL INDUSTRY AND TRADE. LTD. ŞTİ. Mersisno: 0-0550-4031-2600017
E-mail address: bilgiislem@alminprofil.com.tr
Postal Address: ASO 1. Org. Singing. Region. Dagestan Cad. No:9 Sincan/ANKARA
Tel: 0312 267 58 80
If the data in question is obtained contrary to procedures and laws, it will be reported to the board as soon as possible in accordance with Article 12 of the KVKK. The shortest time to understand is 3 72 hours.
G. UPDATE AND COMPLIANCE
The Company reserves the right to make changes to this Policy and other policies related to this Policy due to changes made in the Law, in accordance with the decisions of the KVK Board or in line with developments in the sector or the field of informatics. If there are any changes within the scope of the policies in question, you will be notified by announcement and certified copies of the old policies will be kept for 3 (three) years.
Changes made to this Policy are immediately incorporated into the text and explanations regarding the changes are explained at the end of the Policy.
The complaint form you can make to our company, the complaint form you can make to the KVK Institution, this clarification text and the KVKK Policies can be found at the following link(s); You can reach https:// www.alminprofil.com.tr/ KVKK-1.html .
------------------------Footnotes------------------
1-a) Compliance with law and honesty comply with the rules.
b) Being accurate and up to date when necessary.
c) Processing for specific, clear and legitimate purposes.
ç) Being related to the purpose for which they are processed, limited and proportionate.
d) To be kept for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.
2- The following principles are included in the Decision of the Personal Data Protection Board dated 24.01.2019 and numbered 2019/9 on the Calculation of Application to the Data Controller and Complaint Periods to the Board: •
If the data controller responds to the application made by the relevant person within 30 days, the relevant person will receive the response of the data controller. • In such cases, the relevant person does not have a period of 60 days from the date of application to the data controller.
• If the data controller does not respond to the application made by the relevant person, the relevant person can file a complaint with the Board within 60 days from the date of application to the data controller. ,
• Considering that if the data controller responds to the application made by the relevant person after the 30-day period granted to the data controller in the Law, the relevant person is not obliged to wait for the response to be given after the 30-day period granted to the data controller in the Law and can file a complaint with the Board upon the expiration of the period granted to the data controller. It has been deemed appropriate for the person to make a complaint to the Board within 60 days from the date of application to the data controller, not within 30 days from the date the data controller responds to him/her, and that the issues should be announced to the public with the Decision No. 2019/9 of the Personal Data Protection Board dated 24.01.2019.
3- With the decision of the Personal Data Protection Board dated 24.01.2019 and numbered 2019/10;
Paragraph (5) of Article 12 of the Law states: "In case the processed personal data is obtained by others through illegal means, the data controller shall notify this situation to the person concerned and the Board as soon as possible..." The expression "as soon as possible" in the provision should be interpreted as 72 hours, and in this context, the data controller should notify the Board without delay and within 72 hours at the latest from the date of learning of this situation, and following the determination of the persons affected by the data breach by the data controller, the relevant persons should be notified as soon as possible. Within the period, if the contact address of the relevant person can be reached, notification will be made directly, or if not, notification will be made by appropriate methods such as publishing it on the data controller's own website,