Our story started with a dream. As Cemer Playground Equipment, with the awareness of being one of the pioneers in the industry, we have been managing the whole process from idea to production based on safety for 30 years. We provide you confidence.
Privacy Statement
CEMER KENT EKIPMANLARI TIC. SAN. A.S.
PERSONAL DATA PROTECTION AND PROCESSING POLICY
CEMER KENT EKIPMANLARI TIC. SAN. A.S.
PERSONAL DATA PROTECTION AND PROCESSING POLICY
Recipient: All natural persons whose Personal Data is processed by Cemer Kent Ekipmanlari Tic. San. A.S., excluding employees of Cemer Kent Ekipmanlari Tic. San. A.S.
Prepared by: Cemer Kent Ekipmanlari Tic. San. A.S. .........................
Approved by: Approved by the Board of Directors of Cemer Kent Ekipmanlari Tic. San. A.S.
© Cemer Kent Ekipmanlari Tic. San. A.S., 2020 This document may not be reproduced or distributed without the written permission of Cemer Kent Ekipmanlari Tic. San. A.S.
CONTENTS
- INTRODUCTION - 6 1.1 Introduction -
- 6 1.2 Purpose of the Policy -
- 6 1.3 Scope of the Policy -
- 6 1.4 Definitions -
- 6 1.5 Enforcement of the Policy - 8
- PROTECTION OF PERSONAL DATA - 8 2.1 Security of Personal Data - 8 2.2 Audit - 9 2.3 Confidentiality - 9 2.4 Unauthorized Disclosure of Personal Data - 9 2.5 Protection of Legal Rights of Data Subjects - 9 2.6 Protection of Special Categories of Personal Data - 9
- PROCESSING AND TRANSFER OF PERSONAL DATA - 9 3.1 General Principles for Processing and Transferring Personal Data - 9 3.1.1 Compliance with Law and Principles of Honesty - 9 3.1.2 Accuracy and, Where Necessary, Keeping Up-to-Date - 10 3.1.3 Processing for Specific, Explicit, and Legitimate Purposes - 10 3.1.4 Relevance, Limitation, and Proportionality to Processing Purposes - 10 3.1.5 Retention for the Period Required by Law or for Processing Purposes - 10 3.2 Conditions for Processing Personal Data - 10 3.2.1 Explicit Provision by Laws - 10 3.2.2 Necessity for Protection of Life or Physical Integrity Where Consent Cannot Be Obtained - 11 3.2.3 Necessity for Performance of a Contract - 11 3.2.4 Compliance with Legal Obligations of the Company - 11 3.2.5 Public Disclosure by the Data Subject - 11 3.2.6 Necessity for Establishment, Use, or Protection of a Right - 11 3.2.7 Necessity for Legitimate Interests of the Company Without Violating Fundamental Rights - 11 3.3 Conditions for Processing Special Categories of Personal Data - 11 3.3.1 Explicit Provision by Laws - 11 3.3.2 Processing for Public Health Protection, Medical Diagnosis, Treatment, or Care Services - 12 3.4 Conditions for Transferring Personal Data - 12 3.4.1 Conditions for Transferring Personal Data Abroad - 12
- CATEGORIES OF PERSONAL DATA AND GROUPS OF DATA SUBJECTS - 13 4.1 Categories of Personal Data - 13 4.2 Groups of Data Subjects - 14
- METHODS AND LEGAL BASIS FOR COLLECTING PERSONAL DATA - 16 5.1 Methods of Collecting Personal Data - 16 5.2 Legal Basis for Collecting Personal Data - 16
- PURPOSES OF PROCESSING PERSONAL DATA - 16 6.1 Matching Processing Purposes with Personal Data Categories of Data Subject Groups - 16 6.2 Personal Data Processing Activities in Physical Spaces - 20 6.3 Personal Data Processing Activities on the Website - 20 6.4 Personal Data Processing Activities Through Communication Channels - 20
PURPOSES OF PERSONAL DATA TRANSFER AND RECIPIENTS/ORGANIZATIONS - 20 7.1 Purposes of Personal Data Transfer - 20 7.2 Recipients/Organizations of Personal Data Transfer - 21
- DESTRUCTION AND RETENTION PERIODS OF PERSONAL DATA - 21 8.1 Destruction of Personal Data - 21 8.2 Retention Periods of Personal Data - 21
INFORMATION OF DATA SUBJECTS AND THEIR RIGHTS UNDER THE PERSONAL DATA PROTECTION LAW - 21 9.1 Informing the Data Subject - 22 9.2 Cases Where the Policy and Law Are Not Fully or Partially Applicable - 22 9.3 Rights of the Data Subject Under the Personal Data Protection Law - 22
- INTRODUCTION
1.1 Introduction Cemer Kent Ekipmanlari Tic. San. A.S. ("Company") attaches utmost importance to protecting the fundamental rights and freedoms of individuals, particularly the privacy of private life as regulated in Article 20 of the Constitution, in the processing and protection of personal data. In this context, the Company ensures the lawful protection and processing of personal data under the Personal Data Protection Law No. 6698 ("Law" or "PDPL"), and conducts all its planning and activities with this approach.
Our Company does not consider the protection and processing of personal data solely as a matter of legal compliance but places the value it attributes to human dignity at the core of its approach. Acting with this awareness, the Company takes all necessary administrative and technical measures to ensure the lawful protection and processing of personal data.
1.2 Purpose of the Policy The purpose of the Personal Data Protection and Processing Policy ("Policy") is to maximize the protection of fundamental rights and freedoms of individuals, particularly the privacy of private life as regulated in Article 20 of the Constitution, and to inform personal data subjects (relevant persons) about the Company's obligations and the procedures and principles to be followed under the Law. In line with this purpose, the Company aims to ensure full compliance with the legislation in its personal data protection and processing activities and to safeguard the privacy and data security rights of personal data subjects.
1.3 Scope of the Policy This Policy applies to real persons, including Job Candidates, Family Members of Job Candidates, Employees, Subcontractor Employees, Subcontractor Officials, Company Shareholders/Partners, Company Officials, Interns, Family Members of Employees/Officials/Shareholders/Interns, Service Provider Employees, Service Provider Officials, Scholarship Holders, Customer Officials, Customer Employees, Business Partners, Business Partner Officials, Business Partner Employees, Supplier Employees, Supplier Officials, Potential Customer Officials, Potential Customer Employees, Visitors, Consumers, Participants, Jury Members, Auditors, Environmental Consultants, Students, and Third Parties. The Company informs these data subjects about the Law by publishing this Policy on its website. This Policy does not apply to legal entities in any capacity. For the Company's employees, the "Personal Data Processing Policy for Employees" will be applied.
This Policy applies to personal data processed by the Company, whether fully or partially automated, or by non-automated means as part of any data recording system. If the data does not fall under the definition of "Personal Data" specified below or if the personal data processing activity conducted by the Company does not occur through the aforementioned methods, this Policy will not apply.
- PROTECTION OF PERSONAL DATA
2.1 Security of Personal Data Our Company takes all necessary administrative and technical measures to ensure an appropriate level of security to securely store personal data, and to prevent unlawful processing and unauthorized access to personal data in accordance with the Law. The administrative and technical measures regarding the security of personal data are detailed in our Company's Personal Data Retention and Disposal Policy.
To ensure compliance with the regulations set forth in the Law and other relevant legislation, our Company has established a "Personal Data Protection Management System" and formed a Personal Data Protection Committee within its organization to implement this Policy and other related policies.
2.2 Audit Our Company conducts and has conducted necessary audits to ensure the establishment, regularity, and continuity of the data security measures described above. The Personal Data Protection Committee audits the measures taken for the security of personal data.
2.3 Confidentiality Our Company takes all necessary administrative and technical measures, considering technological capabilities and implementation costs, to ensure that relevant data controllers and data processors do not disclose personal data to third parties or use it for purposes other than processing, in violation of the Law and Policy provisions. In this context, information and training sessions are conducted for company employees regarding the Law and Policy, and confidentiality agreements are signed as part of the hiring process for relevant employees.
2.4 Unauthorized Disclosure of Personal Data In the event that personal data processed by our Company is obtained unlawfully by others, our Company will carry out the necessary procedures to notify the relevant individual and the Personal Data Protection Authority within the periods determined by the Authority. If deemed necessary by the Authority, this situation will also be announced on the Authority's website or through another method deemed appropriate by the Authority.
2.5 Protection of Legal Rights of Data Subjects Our Company observes all legal rights of data subjects concerning the implementation of the Policy and the Law and takes all necessary measures to protect these rights.
2.6 Protection of Special Categories of Personal Data Data related to an individual's race, ethnic origin, political opinions, philosophical beliefs, religion, sect, or other beliefs, appearance and dress, membership in associations, foundations, or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data, are considered special categories of personal data. Our Company recognizes that the disclosure of such data to others may cause harm or discrimination against the individual and therefore takes adequate measures determined by the Authority to protect such personal data processed lawfully. In this regard, our Company has a separate, systematic, clearly defined, manageable, and sustainable policy (Special Categories of Personal Data Security Policy) and procedures.
- PROCESSING AND TRANSFER OF PERSONAL DATA
3.1 General Principles for Processing and Transferring Personal Data Our Company processes personal data in accordance with the procedures and principles stipulated in the Law and this Policy. When processing personal data, our Company adheres to the following principles:
3.1.1 Compliance with Law and Principles of Integrity Our Company processes personal data in accordance with applicable legislation and the requirements of the principle of integrity and uses it within these boundaries. In line with the principle of integrity, our Company considers the interests and reasonable expectations of data subjects while pursuing its data processing objectives. It acts to prevent outcomes that the data subject does not expect and should not expect. Additionally, our Company ensures that the data processing activities are transparent to the data subject and fulfills its information and warning obligations.
3.1.2 Accuracy and Up-To-Date When Necessary Our Company ensures that the personal data it processes is accurate and up-to-date, considering the fundamental rights and legitimate interests of the data subjects. In this context, it carefully considers factors such as the identification of data sources, verification of data accuracy, and evaluation of the need for updates. Our Company keeps channels open at all times to ensure that the personal data of data subjects is accurate and up-to-date. Maintaining accurate and current personal data is necessary not only to protect the interests of our Company but also to safeguard the fundamental rights and freedoms of the data subject.
3.1.3 Processing for Specific, Explicit, and Legitimate Purposes Our Company clearly and definitively determines the purpose of data processing and ensures its legitimacy. A legitimate purpose means that the personal data processed by our Company is related to and necessary for the business activities it conducts or the services it provides. Our Company does not process personal data for purposes other than those specified. Accordingly, it ensures compliance with the principle of clarity in legal documents and texts where personal data processing purposes are explained.
3.1.4 Data Processing Limited and Proportionate to the Purpose Our Company ensures that the personal data processed is suitable for achieving the specified purposes and avoids processing data that is not related to or needed for the fulfillment of these purposes. Our Company does not collect or process personal data for purposes that do not exist or are not anticipated to occur in the future. If there is a need to process data for newly emerging purposes, it complies with the processing conditions stipulated by the Law. Additionally, it limits the processed data to what is necessary to achieve the purpose. Within the scope of the principle of proportionality, it establishes a reasonable balance between the purpose of data processing and the data processed.
3.1.5 Retention for the Period Required by Relevant Legislation or for the Purpose of Processing Our Company complies with retention periods specified in relevant legislation; otherwise, it retains personal data only for as long as necessary for the purpose of processing. If there is no valid reason to retain personal data longer, our Company deletes, destroys, or anonymizes the data. Procedures for the retention and destruction of personal data are detailed in our Company's Personal Data Retention and Disposal Policy.
- CATEGORIES OF PERSONAL DATA AND DATA SUBJECT GROUPS
4.1 Categories of Personal Data Personal data is categorized and processed by our Company as follows:
Identity: Data containing information about the identity of personal data subjects, such as full name, national ID number, marital status, parents' names, place and date of birth, and other identity information, including copies of driver's licenses, ID cards, and passports; tax number, social security number, signature information, etc.
Contact: Contact information of personal data subjects, such as phone number, address, email address, registered electronic mail (REM) address, fax number, etc.
Employment: Information processed to obtain data necessary for the protection of personal data subjects' employment rights, such as resumes, job titles, employment records, social security/pension information, payroll details, asset declarations, disciplinary investigation and performance evaluation reports, etc.
4.2 Data Subject Groups Our Company processes personal data of various data subject groups, including but not limited to employees, candidates, customers, suppliers, business partners, and other third parties with whom we have legal or commercial relationships.
Location
Information related to the location of personal data subjects: Location data that can be obtained while using company-owned vehicles or devices; location data obtained through systems such as OGS, vehicle identification, and meal cards.
Legal Process
Data processed within the scope of determining, tracking, and fulfilling the company’s legal claims and rights, as well as legal obligations: Power of attorney information, court and administrative authority decisions, information in correspondence with judicial authorities, information in case files, etc.
Customer Transaction
Information related to our company's customers: Request information, order information, invoice, promissory note, check, receipt information, etc.
Physical Space Security
Personal data related to records and documents obtained during entry to company-owned physical spaces and while inside these spaces: Entry-exit records, magnetic card records, security camera recordings, vehicle license plate, etc.
Transaction Security
Personal data processed to ensure the technical, administrative, legal, and commercial security of both the personal data owner and the company during company activities: IP address information, website access (traffic) information, internet access records, password and passcode information, etc.
Finance
Personal data processed related to information, documents, and records showing the outcome of all kinds of financial relationships established between the company and personal data subjects, including bank account information, credit information, balance sheet data, financial profile, assets, and insurance information, etc.
Professional Experience
Data recorded during the recruitment process and thereafter: Diploma, transcript, education/course/certificate information, driver's license information, foreign language proficiency, reference information, etc.
Marketing
Customer number, campaign information, order information, habit/preference reports, cookie records.
Visual and Audio Records
Photos, video, and audio recordings that can be obtained outside the scope of physical space security and the documents to which these data are transferred: Photos attached to forms, video interview and meeting recordings, etc.
Communication Records
Communication data obtained through the company's communication and information systems: Corporate telephone call records, corporate mail and email records, and their contents, etc.