INFORMATION TEXT
As the data controller, we would like to fulfill our “Information Obligation” by informing you about the “Personal Data Protection Law” (KVKK) regarding personal data. The COMPANY processes the personal data transmitted to it within the framework of the Personal Data Protection Law No. 6698.
Our aim is to inform you in the most transparent way about the ways your personal data is processed, the purposes of processing, legal reasons, appropriate administrative and technical measures and your rights. As a Company, we aim to comply with the Law by creating all kinds of legal grounds and processes for the protection and processing of personal data through this Information Text and by creating awareness in this regard among all persons we are associated with.
DATA CONTROLLER IDENTITY
It acts as a data controller within the scope of the Personal Data Protection Law No. 6698 (“KVKK”). The information of the Data Controller is as follows:
Internet Address: https://akmansteel.com
Phone: +90 541 277 12 00
Address: Acıbadem Mah. Zerrin Sok. No:11/A Üsküdar/İstanbul
PURPOSE AND SCOPE OF THE INFORMATION TEXT
It is aimed that all transactions to be carried out by the COMPANY regarding personal data are carried out in accordance with the law and procedure in accordance with the Personal Data Protection Law No. 6698 and other relevant legislation.
Your personal data that you have shared with our COMPANY may be processed in accordance with the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVKK for the purposes of fulfilling the provisions arising from the employment or service contract, providing services related to the activities of our COMPANY such as the “Occupational Health and Safety Law No. 6331” and related regulations, customer information, training services, electronic communication processes, supplier workflow and employment processes, and improving the quality of these services and fulfilling other activities and complying with information obligations, ensuring the legal and commercial security of the COMPANY and the persons in business relations with the COMPANY, ensuring the implementation of the COMPANY’s human resources policies, determining and implementing commercial and business strategies.
PERSONAL DATA
All kinds of information and documents in the table below are within the scope of personal data pursuant to Article 3/d of the KVKK and can be processed by our COMPANY in a way that is proportionate and in connection with the purposes set forth in the 2nd heading, and can be transferred to the persons, institutions and organizations specified below within the scope of your explicit consent or the reasons stipulated in the relevant legislation.
Data category Description
Identity Information Information regarding the identity of an identified or identifiable natural person. Examples of this information include; name-surname, T.C. identity number, SSI number, vehicle license plate information.
Contact Information Information regarding the contact information of an identified or identifiable natural person. Examples of this information include; telephone number, e-mail information, address information, fax number, IP address.
Request/Complaint Management Information Any request and complaint sent to the Company and any record regarding their receipt and any report regarding their evaluation constitutes request/complaint management information if it relates to an identified or identifiable real person.
DATA OWNER (RELATED PERSON)
The persons included in this Disclosure Text are potential customers, visitors and all other relevant third parties, and the target audience for communication with our Companies is categorized in the table below:
Personal Data Owners Explanations
Potential Customers are real persons whose personal data the Company has obtained within the scope of any business relationship, without having a contractual relationship with our Companies.
Visitor Real persons who have visited the Company’s physical locations and/or website, regardless of the purpose, and real persons who have reached the Company by phone.
PURPOSES OF COLLECTING AND PROCESSING PERSONAL DATA
Your Personal Data/Data may be processed by the COMPANY for the purposes specified below, but not limited to these:
To fulfill our legal obligations in the legislation
To be able to conduct evaluation, analysis and risk management studies within legal limits regarding the service to be provided to customers, to improve and develop the services provided by our Companies, to determine and implement commercial and business strategies,
To maintain business and operations, to be able to carry out Company activities and procedures,
To plan and manage the internal functioning of our Company and daily operations, to carry out management activities,
To provide information,
To take necessary security measures during the execution of Company activities,
To comply with the obligations of storing information and informing in accordance with the relevant legislation and legal obligations
It will be processed within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698 for the purposes of performing our duties,
business development, advertising and marketing activities,
and management, increasing client satisfaction, research and related reasons.
In order for your personal data to be processed for some specific purposes, we require your explicit consent within the scope of Law No. 6698. If you give your explicit consent on any platform, the purposes for which your data may be processed are listed below:
1. Name-surname and e-mail address information of the persons who subscribe to the e-bulletin through the Company website for the purposes of conducting personalized marketing activities such as product-service promotion, gifts, discounts, campaigns, new opportunities and special offers, announcements, advertisements, event notifications, special day celebrations, notification of current legislative changes, business development, advertisement and marketing activities
2. With the Disclosure Text, you accept the Privacy Principles and the processing of your Personal Data accordingly, and the COMPANY reaching you through the contact information you provided.
3. In case you accept their Privacy Policies and send a direct message to the profile account belonging to the COMPANY on social media accounts (instagram, youtube, facebook, twitter, linkedin etc.) whose servers are located abroad and of which you are currently a user; You agree that the COMPANY will process your data in accordance with its own KVK Information Text and Privacy Principles and communicate with you through the relevant application.
Your Personal Data/Personal Data obtained and processed in accordance with the relevant legislation will be protected by taking administrative and technical measures and may be kept in the physical and digital archives (in physical and digital environments) belonging to the COMPANY for the periods specified in this information text.
Your personal data may be processed in accordance with the provisions of Article 5 of the KVKK within the scope of the data processing conditions and purposes specified in Law No. 6698.
TRANSFER OF PERSONAL DATA
The procedures and principles to be applied in personal data transfers are regulated in Articles 8 and 9 of the KVK Law, and the personal data and special personal data of the relevant person may be transferred to real or legal third parties.
Your personal data is obtained in all kinds of verbal, written or electronic media, in line with the purposes stated above, in order to provide the services we offer as a COMPANY within the determined legal framework and to fulfill our COMPANY’s responsibilities arising from the contract and the law completely and correctly within this scope. Your personal data collected for this legal reason can also be processed and transferred in accordance with the personal data processing conditions specified in Articles 5 and 6 of the Personal Data Protection Law and for the purposes stated above.
DEFINITION OF THE RECEIVER GROUP
PURPOSE OF TRANSFER OF PROCESSED DATA
Service Provider defines the parties that provide services to the COMPANY individually, on a contractual basis or without a contract, in accordance with the orders and instructions of the COMPANY while carrying out the commercial and investment activities of the COMPANY. Limited to the purpose of ensuring that the services that the COMPANY procures from the supplier as an external source and that are necessary for the fulfillment of the commercial activities of the COMPANY are provided to the COMPANY.
Company officials COMPANY board of directors members and other authorized real persons In accordance with the relevant legislation, the design of strategies regarding the commercial activities of the COMPANY, limited to the audit authority of the highest level management
Apart from these, since sharing your data through service providers whose servers are located abroad will be considered as “transfer abroad” and there is an “explicit consent condition” for transfer abroad, your explicit consent will be obtained in such cases. However, in the following cases, since there will be no overseas transfer by the COMPANY, YOUR EXPRESS CONSENT WILL NOT BE REQUIRED, YOUR EXPRESS CONSENT WILL BE OBTAINED BY THE SERVICE PROVIDER YOU ARE A USER OF;
You accept the Privacy Principles with the Disclosure Text and the processing of your Personal Data and Special Personal Data accordingly, and the COMPANY reaching you through the contact information you provided. By accepting their own Privacy Policy and International Transfer Principles, if you send a direct message to the COMPANY profile account on social media accounts (instagram, youtube, facebook, twitter, linkedin etc.) that you are currently a user of and whose servers are located abroad; you agree that the COMPANY will process your data in accordance with its own KVK Information Text and Privacy Principles and will contact you through the relevant application.
STORAGE, COLLECTION AND LEGAL REASONS OF PERSONAL DATA
Your Personal Data/Personal Data; for the purposes specified above; by the COMPANY; during and/or before and/or after your arrival;
e forms, verbally, in writing, visually or electronically, via telecommunication communication means such as telephone, SMS, MMS etc., via e-mails and similar channels you send, via the website, by automatic or non-automatic means, in writing, verbally or electronically, and stored in physical and digital environments.
Our COMPANY will be able to store the personal data it provides by complying with the relevant periods in case there is a period stipulated within the scope of the provisions of the legislation it is subject to; if such a period is not stipulated, only for the period necessary for the purpose for which it is processed. Your Personal Data will be deleted, destroyed or anonymized ex officio or upon the request of the personal data owner when the purpose requiring processing ceases to exist according to Article 7/f.1 of the KVKK and/or when the limitation/storage periods we require for processing your data in accordance with the legislation expire.
Your personal data is collected with all kinds of verbal, written, visual or electronic information and with your explicit consent, if required, within the framework of the legal reasons listed below.
Data processing is mandatory in order for us to fulfill our legal obligations as the data controller.
Data processing is mandatory for our legitimate interests as the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person.
Your explicit consent is present.
MEASURES TAKEN
COMPANY takes the necessary technical and administrative measures to prevent the unlawful processing of personal data it processes, to prevent unlawful access to data and to ensure the preservation of data, in accordance with Article 12 of the Personal Data Protection Law, and carries out or has the necessary inspections carried out within this scope. In the event that the processed personal data is obtained by third parties through illegal means despite all technical and administrative measures being taken, COMPANY notifies the relevant units of this situation as soon as possible.
All administrative and technical measures taken by the COMPANY to ensure that your personal data is stored securely, processed illegally, accessed, and destroyed in accordance with the law are listed below.
Administrative Measures:
Preparing the Personal Data Inventory and updating it when necessary
Preparing the Information Obligation and keeping this text in a medium accessible to personal data owners,
Performing VERBIS registration and updating these records in case of any change
Determining the current risks and threats,
Having the COMPANY and its personnel sign Confidentiality and Loyalty Agreements stating that in order to process personal data lawfully, it is necessary to act in accordance with the obligations stipulated by the Personal Data Protection Law, personal data should not be disclosed, personal data should not be used against the law and that the confidentiality obligation regarding personal data continues even after the termination of the employment contract with the COMPANY, adding provisions to these Agreements regarding the imposition of sanctions that may lead to termination of the employment contract in case of non-compliance with the said obligations,
Having the persons to whom the data is transferred sign a Confidentiality Commitment, In the agreements concluded by the COMPANY with the persons to whom personal data is lawfully transferred; to add provisions that the persons to whom personal data is transferred will take the necessary security measures for the protection of personal data and ensure that these measures are complied with in their own organizations,
To prepare a storage and destruction policy and to carry out the destruction processes appropriately,
To reduce personal data as much as possible,
To design and implement access and authorization processes for personal data within the COMPANY, To prevent unlawful access to personal data, to ensure the preservation of personal data,
To inform employees that they cannot disclose the personal data they have learned to others in violation of the provisions of the Personal Data Protection Law and cannot use it for purposes other than processing, and that this obligation will continue after they leave office, and to obtain the necessary confidentiality commitments from them in this regard,
To develop the qualifications and technical knowledge/skills of employees, to prevent unlawful processing of personal data,
To provide necessary training to COMPANY Personnel within the scope of personal data protection legislation and data security,
To report this situation to the relevant person and the Board as soon as possible in case the processed personal data is obtained by others through unlawful means.
Technical Measures:
Taking technical measures in accordance with technological developments, periodically updating and renewing the measures taken,
Taking necessary security measures regarding access to physical environments containing personal data (such as locked cabinets, etc.) and ensuring the security of physical environments against external risks,
Identifying risks to prevent unlawful processing
,
Take necessary security measures regarding entry and exit to physical environments containing personal data,
Ensure the security of physical environments containing personal data,
Ensure the security of physical environments containing personal data against external risks (fire, etc.),
Use up-to-date anti-virus systems,
Activate access and authorization technical solutions in accordance with legal compliance requirements determined on a business unit basis,
Limit access authorizations, review authorizations regularly,
Receive service from technical experts,
Rapidly notify the relevant person and board in case of detection of unlawful processing,
Use closed system network in personal data transfers via network,
Use strong passwords in electronic environments where personal data is processed,
Back up personal data, ensure the security of backed up personal data,
Create Authorization Matrix and Authorization Checklist
RIGHTS OF THE RELEVANT PERSON
Right to Apply Regarding Your Personal Data
It is important that the personal data we keep about you is accurate and up-to-date. Therefore, please notify us if there is a change in your personal data.
According to Article 11 of the Personal Data Protection Law, anyone whose personal data is processed may contact us by sending an e-mail to info@akmansteel.com and make requests regarding the following issues:
a) Learning whether their personal data has been processed,
b) Requesting information about their personal data if they have been processed,
c) Learning the purpose of processing their personal data and whether they are used in accordance with their purpose,
d) Learning the third parties to whom their personal data has been transferred domestically or abroad,
e) Requesting correction of their personal data if they have been processed incompletely or incorrectly,
f) Requesting their personal data to be deleted, destroyed or anonymized if the reasons requiring their processing are eliminated,
g) Requesting notification of the transactions carried out in accordance with clauses (e) and (f) to third parties to whom their personal data has been transferred,
h) Objecting to the emergence of a result to the detriment of the data owner by means of exclusively automated systems of their processed data,
i) Requesting compensation for the damages suffered due to the unlawful processing of their personal data.
REQUEST FOR CHANGE OF YOUR INFORMATION
The personal data we obtain and process from you must be accurate and up-to-date when necessary. Therefore, if there is any change in your personal data, you can notify our COMPANY.
