Entrance

In accordance with Article 20 of the Constitution of the Republic of Turkey, everyone has the right to request the protection of personal data regarding themselves. This right also includes the right to be informed about personal data about oneself, to access this data, to request its correction or deletion, and to learn whether it is used for its purposes.

The Personal Data Protection Law No. 6698 (“KVK Law”) regulates the protection of the fundamental rights and freedoms of individuals in the processing of personal data, and the obligations and procedures and principles to be followed by real and legal persons who process personal data. The purpose of this Policy, prepared in this direction, is to ensure compliance with the obligations regarding the KVK Law regulations.

Governed by politics; Protecting the personal data of Employee Candidates, Company Shareholders, Company Officials, Visitors, Employees, Shareholders and Officials of the Institutions We Collaborate with, and Third Parties. Written in parallel with the principles in this Policy regarding the protection of the personal data of our employees, ASDENAR PROJE Müş. Mime. Eng. Only. Inc. Its employees are managed under the Personal Data Protection and Processing Policy.

With the KVK Law and other relevant legislation, Asdenar Rulman Ticaret ve Sanayi A.Ş. If there is a conflict between the Personal Data Protection and Processing Policy, the legislation in force will apply.

  1. Aim

In order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data and to regulate the obligations of real and legal persons processing personal data and the procedures and principles to be followed by ASDENAR PROJE Müş. Mime. Eng. Only. Inc. (“Asdenar”)Personal Data Protection and Processing Policy (“Policy”) has been prepared.

With the policy, it has been adopted that the activities carried out by Asdenar will be continued and developed in accordance with the principles contained in the KVK Law.

  1. Scope

Data owners whose personal data are processed within the scope of this Policy are categorized as follows:

Employee Candidates

Natural persons who make their CV and relevant information accessible to Asdenar by applying for a job at Asdenar or by any means

Candidate Interns

Natural persons who make their CV and relevant information accessible to Asdenar by applying for an internship at Asdenar or by any other means

Former Employees

Former employees whose employment relationship with Asdenar has ended

Customers/Prospective Customers

Natural persons whose personal data are obtained due to business relationships within the scope of activities carried out by Asdenar, regardless of whether there is any contractual relationship

Supplier/Candidate Supplier

In order to provide a product or service to Asdenar, raw materials, products, etc. real person producers who provide

Visitors/Guests

Natural persons who have entered Asdenar's physical facilities for various purposes or visited its websites

Third Parties

Although not defined in the Policy, guarantors, family members, etc. whose personal data are processed within the framework of this Policy. other natural persons, including but not limited to

 

Regarding the process of processing the personal data of Asdenar employees by fully or partially automatic or non-automatic means provided that it is part of any data recording system, the "Policy for the Protection and Processing of Personal Data of Asdenar Employees" has been issued separately from this Policy.

  1. Definitions

The definitions used in this Policy are listed below:

Explicit consent

Consent regarding a specific issue, based on information and expressed with free will

Anonymise

Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data

Worker

All natural persons who work dependent on Asdenar for a definite or indefinite period of time

Employee candidate

Natural persons who make their CV and relevant information accessible to Asdenar by applying for a job at Asdenar or by any means

Candidate Interns

Natural persons who make their CV and relevant information accessible to Asdenar by applying for an internship at Asdenar or by any other means

Employee Data Owner Application Form

Application form that Asdenar employees will use when applying for their rights as described in Article 11 of the KVK Law as personal data owners

Personal health data

All kinds of health information regarding an identified or identifiable natural person

Personal Data

Any information regarding an identified or identifiable natural person

Processing of personal data

Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. Any action performed on data, such as blocking

KVK Law

Personal Data Protection Law No. 6698

KVK Board

Personal Data Protection Board

KVK Institution

Personal Data Protection Authority

Special personal data

Data regarding people's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data

TCK

Turkish Penal Code No. 5237

Data processor

Natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller

Personal data owner

The natural person whose personal data is processed and who is considered as the "relevant person" in the KVK Law

Data Owner Application Form

Application form that personal data owners, whose personal data are processed within Asdenar, will use when applying for their rights explained in Article 11 of the KVK Law.

Data controller

Natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system

Visitor/Guest

Natural persons who have entered Asdenar's physical facilities for various purposes or visited its websites

Data Controllers Registry

Data controllers' registry maintained by the Personal Data Protection Board

Data Inventory

Personal data processing activities carried out by Asdenar depending on its business processes; The inventory created and detailed by associating it with the personal data processing purposes, the recipient group to which personal data is transferred, and the relevant personal data owner group.
  1. General Principles Regarding the Processing of Personal Data

Pursuant to Article 3 of the KVK Law, personal data can be obtained, recorded, stored, preserved, changed, rearranged, disclosed, transferred, taken over by fully or partially automatic or non-automatic means provided that it is part of any data recording system, Any action performed on data, such as making it available, classifying it or preventing its use, falls within the scope of processing personal data.

It is mandatory to comply with the following principles in the processing of personal data:

  1. Complying with the law and the rules of honesty

Our company carries out its personal data processing activities in accordance with the law and the rules of honesty, in accordance with the Constitution, the Personal Data Protection Law and the relevant legislation.

  1. Be accurate and up to date when necessary

While processing personal data by our company, all kinds of administrative and technical measures are taken to ensure the accuracy and up-to-dateness of personal data.

  1. Processing for specific, clear and legitimate purposes

Our company clearly and precisely determines the purpose of processing personal data before starting the processing of personal data.

  1. Be relevant, limited and proportionate to the purpose for which they are processed

Personal data is processed by our company as necessary to achieve the specified purposes. Data processing is not carried out with the assumption that it can be used later.

  1. To be stored for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.

Our company stores personal data for a limited period of time stipulated in the KVK Law and relevant legislation or required for the purposes of data processing.

  1. Conditions for Processing Personal Data

Our company may process personal data and sensitive personal data with the express consent of the personal data owner or without explicit consent in cases stipulated in Articles 5 and 6 of the KVK Law.

5.1. Processing of Personal Data

Our company carries out its personal data processing activities in accordance with the data processing conditions set out in Article 5 of the KVK Law:

  1. It is clearly prescribed by law.
  2. It is necessary for the protection of the life or physical integrity of the person or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not given legal validity.
  3. It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
  4. It is mandatory for our company to fulfill its legal obligations.
  5. Personal data has been made public by the owner herself.
  6. Data processing is mandatory for the establishment, exercise or protection of a right.
  7. It is mandatory to process data for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the personal data owner.

5.2. Processing of Special Personal Data:

Our company carries out the processing of personal data of special nature, which carries the risk of discrimination when processed unlawfully, in accordance with the data processing conditions set out in Article 6 of the KVK Law. It is prohibited to process special personal data without the express consent of the personal data owner. However, provided that adequate measures determined by the KVK Board are taken, special categories of personal data may be processed in the following cases, despite the lack of explicit consent of the personal data owner:

  1. Processing of Personal Health Data:

Personal health data; It may be processed if one of the conditions listed below is met, provided that (i) taking adequate measures to be prescribed by the Ministry of Health, (ii) acting in accordance with general principles, (iii) being under the obligation of confidentiality:

– Written explicit consent of the personal data owner

– Protection of public health

– Preventive medicine

– Providing medical diagnosis, treatment and care services,

– Planning and management of health services and financing

  1. Processing of Special Personal Data Except for Health and Sexual Life

Data within this scope will only be possible with the express consent of the personal data owner or in cases stipulated by law.

5.3. Categorization of Personal Data Processed by Our Company

Categories of Personal Data Processed by Asdenar

Personal Data Category

Description

Data Owner Category to which the Relevant Personal Data is Related

Identity Information

Provided that it is not limited to name-surname, TR ID number, nationality information, parents' names, place of birth, date of birth, gender and SSI number; All information contained in documents such as driver's license, identity card, residence

Third Parties, Customers, Prospects, Suppliers, Visitors, Prospects for Employees

Communication information

Information such as telephone number, address, e-mail, fax number, website, social media accounts,

Customers, Prospective Customers, Employee Candidates, Visitors, Suppliers

Customer information

Our commercial activities and business within this framework

Customers

5.3. Categorization of Personal Data Processed by Our Company

 

Personal Data Categories Processed by Asdenar Personal Data Category

 

Description

 

Data Owner Category to which the Relevant Personal Data is Related

Identity Information

Provided that it is not limited to name-surname, TR ID number, nationality information, parents' names, place of birth, date of birth, gender and SSI number; All information contained in documents such as driver's license, identity card, residence

Third Parties, Customers, Prospects, Suppliers, Visitors, Prospects for Employees

Communication information

Information such as telephone number, address, e-mail, fax number, website, social media accounts,

Customers, Prospective Customers, Employee Candidates, Visitors, Suppliers

Customer information

Our commercial activities and business within this framework

Information obtained and produced about the relevant person as a result of the operations carried out by our units

 

Customers

 

Customer Transaction Information

Information such as records regarding the use of our products and services and the customer's instructions and requests necessary for the use of products and services.

Customers

Supplier, Candidate Supplier

Information required to offer the product or service

Supplier, Candidate Supplier

Transaction Security Information

Personal data processed to ensure technical, administrative, legal and commercial security during the conduct of Asdenar's commercial activities

Customers, Visitors, Suppliers

Risk Management Information

Personal data processed through methods used in accordance with generally accepted legal, commercial customs and honesty rules in these areas so that we can manage our commercial, technical and administrative risks.

Customers

Financial Information

Personal data processed regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship established with the personal data owner.

Customers, Suppliers

Employee Candidate Information

Personal data processed regarding individuals who have applied to become Asdenar employees or who have been evaluated as employee candidates in line with the human resources needs of our company in accordance with commercial practices and honesty rules, or who are in a working relationship with Asdenar.

Employee Candidates

Candidate Intern Information

Personal data processed regarding individuals who have applied to be an Asdenar intern or who have been evaluated as an intern candidate in line with the human resources needs of our company in accordance with commercial practices and honesty rules, or who are in a working relationship with Asdenar.

Intern Candidates

Güvenlik Bilgisi

Personal data regarding camera recording and keeping of records by Asdenar for security purposes,

Security Information

Legal Action and Compliance Information

Personal data processed within the scope of determining and pursuing our legal receivables and rights and fulfilling our debts

Customers, Suppliers, Third Parties (Execution Buyers etc.)

Audit, Inspection and Compliance Information

Personal data processed within the scope of Asdenar's legal obligations and compliance with company policies

Customers, Employee Candidates, Visitors, Suppliers

Special Personal Data

As stated in Article 6 of the KVK Law; Data regarding people's race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data, Blood group, health information, religion.

Suppliers, Visitors

 

Marketing Information

Personal data processed for the marketing of our products and services by customizing them in line with the usage habits, tastes and needs of the personal data owner, and reports and evaluations created as a result of this processing.

Customers, Prospective Customers

Request / Complaint Management Information

Personal data regarding the receipt and evaluation of any requests or complaints directed to Asdenar.

Customers, Employee Candidates, Visitors, Third Parties
  1. Ensuring the Security and Confidentiality of Personal Data

In accordance with Article 12 of the KVK Law, our company takes all necessary technical and administrative measures to prevent unlawful processing and access of the personal data it processes and to ensure the appropriate level of security to ensure the preservation of personal data.

6.1. Technical Measures Taken to Ensure Lawful Processing of Personal Data and Prevent Unlawful Access

Asdenar has taken all kinds of technical and technological security measures to protect personal data and has protected personal data against possible risks.

To this end;

– Takes technical precautions to the extent technology allows,

– Persons who are experts in technical matters are employed and/or outsourced services on these matters,

– Inspects the implementation of the measures taken at regular intervals,

– Necessary software and infrastructure are created to ensure security,

– Access to data being processed within Asdenar is limited,

– Uses a backup program in accordance with the law to ensure that personal data is stored safely,

– Uses software that includes virus protection systems.

6.2. Administrative Measures Taken to Ensure Lawful Processing of Personal Data and Prevent Unlawful Access

– Training and raising awareness of company employees regarding the KVK Law,

– In cases where personal data is transferred, ensuring that a record is added to the contracts concluded with the persons to whom the personal data is transferred, stating that the party to which the personal data is transferred will ensure data security,

– Determining what needs to be fulfilled in order to comply with the KVK Law and preparing internal procedures for their implementation.

6.3. Will Be Received in Case of Illegal Disclosure of Personal Data Tedbirler

If the processed personal data is obtained by others through illegal means, our Company will notify the relevant data owner and the KVK Board as soon as possible.

  1. Purposes of Processing of Personal Data and Storage Periods

7.1. Purposes of Processing Personal Data

Personal data is processed by our company for the following purposes:

– Creating test requests from the customer and carrying out the tests,

– Carrying out follow-up procedures for shareholders, determining general assembly participants and carrying out registration procedures.

– Carrying out goods acceptance procedures, entering material identification and notifications into the system, tracking goods and service purchases, tracking transportation companies,

– Taking customer orders, filling out customer evaluation survey forms,

– Tracking customers and entering customer information into the system, carrying out customer performance discount studies,

– Tracking subcontractor progress payments, tracking subcontractor payments, tracking subcontractors,

– Investigating suspicious persons who are candidate suppliers,

– Supplier registration and inspections, collection of necessary documents for the tender, financial analysis of the supplier

– Providing insurance and financing services, carrying out the necessary transactions in accordance with the needs of the business,

– Mail order dahil fakat bunlarla sınırlı olmamak üzere, alacaklarımızın tahsilatı için gerekli işlemlerin gerçekleştirilmesi,

– Issuing invoices for our services and sending e-archive invoices to the e-mail addresses you have provided to us,

– Receiving technological services on matters that are not directly provided by us and do not fall within our field of expertise,

– Ensuring financial reconciliation with our business partners and/or third parties regarding our products and services,

– Carrying out processes regarding employee candidates,

– Carrying out processes regarding intern candidates,

– Execution/monitoring of financial reporting and risk management transactions,

– Execution/follow-up of legal affairs and transactions,

– Planning and executing the necessary audit activities to ensure that the activities are carried out in accordance with our Company's procedures and relevant legislation,

– Providing information to authorized institutions and organizations regarding the legislation,

– Planning and execution of corporate sustainability activities,

– Carrying out work to protect the reputation of our company,

– Management of request and complaint processes,

– Planning and execution of corporate management and communication activities,

– Creating and tracking visitor records,

– Taking fingerprints to control workplace entrances and exits and ensure security,

– Keeping security camera footage to create a security record.

7.2. Storage Periods of Personal Data

Our company determines whether a period of time is stipulated in the relevant legislation for the storage of personal data. If a period is stipulated in the relevant legislation, it complies with this period; If a period is not specified, it retains personal data for the period necessary for the purpose for which they are processed. If the purpose of processing personal data has expired and the retention periods determined by the relevant legislation and/or our Company have expired, it can only be stored for the purpose of serving as evidence in possible legal disputes, asserting the relevant right based on personal data, or establishing a defense. Personal data is not stored by our Company based on the possibility of its use in the future.

  1. Deletion, Destruction and Anonymization of Personal Data

Pursuant to Article 7 of the KVK Law, although personal data has been processed in accordance with the relevant legislation, if the reasons requiring processing are eliminated, personal data is deleted, destroyed or anonymized by our Company ex officio or upon the request of the personal data owner.

The procedures and principles regarding this matter will be fulfilled in accordance with the KVK Law and the secondary legislation that will form the basis of this Law.

8.1. Deletion and Destruction Techniques of Personal Data

Personal data processed within our company, in accordance with the Regulation on Deletion, Destruction or Anonymization of Personal Data;

  1. i) Making personal data inaccessible and unusable for relevant users in any way (deleting personal data),
  2. ii) Making personal data inaccessible, irretrievable and unusable for the relevant users (destruction of personal data),

In order to be physically deleted from systems, it will be securely deleted.

8.2. Techniques for Anonymization of Personal Data

It refers to making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data. Within the scope of the KVK Law and relevant legislation, secure methods, including but not limited to masking, data derivation, use of pseudonyms, will be used to anonymize personal data.

  1. Third Parties to whom Personal Data is Transferred and Purposes of Transfer

The procedures and principles to be applied in personal data transfers are regulated in Articles 8 and 9 of the Personal Data Protection Law, and the personal data and sensitive personal data of the personal data owner can be transferred to third parties at home and abroad. In order to provide its services, your personal data may be processed by Asdenar, including but not limited to the Law and other legislation, other regulations regarding the law, regulations of supervisory and regulatory institutions and organizations, and situations required by public authorities.

9.1. Transfer of Personal Data Domestically

In accordance with Article 8 of the KVK Law, the transfer of personal data within the country will be possible provided that one of the conditions specified in Section 6 of this Policy titled "Conditions of Processing of Personal Data" is met.

9.2. Transfer of Personal Data Abroad

In accordance with Article 9 of the KVK Law, in case personal data is transferred abroad, in addition to the conditions for domestic transfers being met, one of the following issues is required:

– The country to be transferred is considered to be among the countries with adequate protection declared by the KVK Board, or

– If there is no adequate protection in the country to be transferred, the data controllers in Turkey and the relevant foreign country must undertake in writing to provide adequate protection and have the permission of the KVK Board.

9.3. Person Groups to whom Personal Data is Transferred by Our Company

Our Company may transfer the personal data of personal data owners within the scope of this Policy to the following groups of people for the specified purposes, in accordance with Articles 8 and 9 of the KVK Law:

PERSON GROUPS

DEFINITION

PURPOSE OF TRANSFER

Public institutions and organizations

Public institutions and organizations requesting our Company's information and documents in accordance with the relevant legislation provisions

Limited to the purpose requested by relevant public institutions and organizations

Private Legal Persons

Private law persons who request and receive information and documents from our Company in accordance with the relevant legislation provisions

Limited to the purpose requested by the relevant private law persons.
  1. Our Company's Disclosure Obligation

Our company, in accordance with Article 10 of the KVK Law, personal data owners must be informed during the collection of personal data. In this context, our Company fulfills its obligation to inform on the following issues:

  1. Our Company's title as data controller,
  2. For what purpose personal data will be processed,
  3. To whom and for what purpose the processed personal data can be transferred,
  4. To whom and for what purpose the processed personal data can be transferred,
  5. Rights of the personal data owner.
  6. Rights of Personal Data Owners and Exercise of These Rights

In accordance with Article 13 of the KVK Law, the evaluation of the rights of personal data owners and the necessary information to personal data owners are carried out through this Policy as well as the Asdenar Data Owner Application Form. Personal data owners may submit their complaints or requests regarding the processing of their personal data to us within the framework of the principles specified in the relevant form.

11.1. Right of Application

In accordance with Article 11 of the KVK Law, anyone whose personal data is processed can contact our Company and make requests regarding the following issues:

  1. Learning whether personal data is being processed or not,
  2. Requesting information if personal data has been processed,
  3. Learning the purpose of processing personal data and whether they are used in accordance with their purpose,
  4. Learning about third parties to whom personal data is transferred domestically or abroad,
  5. Requesting correction of personal data in case of incomplete or incorrect processing and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,
  6. Requesting the deletion, destruction or anonymization of personal data in case the reasons requiring the processing of personal data disappear, and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,
  7. Object to the emergence of a result that is unfavorable to the data owner by analyzing the processed data exclusively through automatic systems,
  8. Request compensation for damages in case of damage due to unlawful processing of personal data.

11.2. Situations Excluded from the Scope of the Right of Application

In accordance with Article 28 of the KVK Law, personal data owners will not be able to assert their rights in the following cases:

  1. Processing of personal data by natural persons within the scope of activities related entirely to themselves or their family members living in the same residence, provided that they are not given to third parties and obligations regarding data security are complied with.
  2. Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.
  3. Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.
  4. Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defence, national security, public safety, public order or economic security.
  5. Processing of personal data by judicial authorities or enforcement authorities regarding investigation, prosecution, trial or enforcement proceedings.

In accordance with the 2nd paragraph of Article 28 of the KVK Law, data owners will not be able to assert their rights, except for the right to demand compensation for damages:

  1. Processing of personal data is necessary for the prevention of crime or criminal investigation.
  2. Processing of personal data made public by the data subject.
  3. Processing of personal data is necessary for the execution of auditing or regulatory duties and disciplinary investigation or prosecution by public institutions and organizations and professional organizations that are public institutions, based on the authority granted by the law.
  4. Personal data processing is necessary to protect the economic and financial interests of the State regarding budget, tax and financial matters.

11.3. Response Procedure

In accordance with Article 13 of the KVK Law, our Company will finalize the application requests made by the personal data owner, free of charge, as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request.

The application of the personal data owner may be rejected in the following cases:

  1. Preventing the rights and freedoms of other people,
  2. Requires disproportionate effort,
  3. The information is public information,
  4. Endangering the privacy of others,
  5. Existence of one of the situations that are excluded from the scope in accordance with the KVK Law.
  6. Personal Data Processing Activities Performed Within the Company and Data Processing Activities Performed on the Website

12.1. Camera Monitoring and Fingerprinting within the Company

In order to protect the interests of our Company and other persons regarding security, camera monitoring and fingerprinting are carried out within our Company.

In line with the regulations in the KVK Law, this Policy is published on our website by our Company regarding camera monitoring activities and a notification letter stating that monitoring is carried out is posted at the entrances of the areas where monitoring is carried out.

Monitoring is not possible in areas that may interfere with a person's privacy. Security camera recordings can only be accessed by a limited number of our Company employees and, if needed, by security company employees who act as suppliers. Those persons who have access to the records declare that they will protect the confidentiality of the data they access, with the confidentiality commitment they sign.

12.2. Entries and Exits of Customers/Visitors Visiting the Company

Personal data processing activities are carried out to track the entry and exit of our guests visiting our company. While the name-surname, telephone number, TR Identity Number and e-mail address information of the people coming to our company are obtained, the data in question is processed only for this purpose and the relevant personal data is recorded in the physical environment in the registration system.

12.3. Website Visitors

Internet movements within the site are recorded so that visitors to our company's website can be shown customized content and engage in online advertising activities (via technical means, such as cookies) so that they can fulfill their visit purposes. Detailed explanations about these activities of our company are included in the Privacy Policy texts on our website.

This Policy may be revised by Asdenar when deemed necessary. In cases of revision, the most current version of the Policy will be available on the Company's website.

ASDENAR PROJE Müş. Mim. Müh. Tek. A.Ş.