DAF MANAGEMENT AND ENERGY SYSTEMS INC. As (“Company”), we attach utmost importance to the legal processing and protection of personal data in accordance with the Personal Data Protection Law No. 6698 (“Law”) and act with this care in all our planning and activities. With this awareness, we present this Personal Data Processing and Protection Policy (“Policy”) to your information in order to fulfill our obligation to inform and to inform you of all administrative and technical measures we have taken within the scope of processing and protecting personal data.
1.2. Purpose of Policy
The main purpose of this Policy is to make statements about the systems for the processing and protection of personal data in accordance with the law and the purpose of the Law, to inform the relevant persons, to ensure full compliance with the legislation in the processing and protection of personal data activities and to ensure that personal data owners are informed of all obligations arising from the legislation regarding personal data. protection of their rights.
1.3. Scope of the Policy and Personal Data Owners
This Policy; Persons whose personal data are processed by our Company, especially Company Shareholders, Company Officials, Employees, Employee Relatives, Visitors, Direct or Indirect Company Customers, Company Suppliers, Potential Customers, through automatic or non-automatic means provided that it is part of any data recording system. Prepared for. The policy does not include any data belonging to legal entities.
Personal data owners within the scope of the policy are as follows:
|
Company Shareholder |
: |
It refers to real persons who own shares in the company. |
|
Company official |
: |
Members of the board of directors of the Company and other authorized real persons. |
|
Company Suppliers |
: |
It refers to all real persons, including employees, shareholders and officials of real and legal persons with whom the Company has all kinds of business relations. |
|
Worker |
: |
It refers to real persons who have a relationship with the company within the scope of an employment contract. |
|
Employee Relative |
: |
It refers to first-degree relatives whose information is shared by real persons who have a relationship with the company within the scope of an employment contract. |
|
Potential Customer |
: |
It refers to real persons who have requested or are interested in using the Company’s products and services. |
|
Visitor |
: |
It refers to all real persons who enter the physical premises owned by the Company for various purposes or visit the websites for any purpose. |
|
Company Customers |
: |
It refers to real persons who use or have used the products and services offered by the Company within the scope of a direct and/or indirect contractual relationship with the Company. |
1.4.Definitions
The concepts included in this Policy have the following meanings:
|
Data Controller |
: |
It refers to real or legal persons who determine the purposes and methods of processing personal data and are responsible for establishing and managing the data recording system. |
|
Personal Data |
: |
It refers to all kinds of information regarding an identified or identifiable natural person. |
|
Special Personal Data |
: |
Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data. |
|
Processing of Personal Data |
: |
Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. It is any operation performed on data, such as blocking. |
|
Personal Data Owner/Relevant Person |
: |
Company Shareholders, Company Officials, Employee Candidates, Employees, Employee Relatives, Visitors, Company Customers, Company Suppliers, Potential Customers |
|
Data Recording System |
: |
It refers to a registration request in which personal data is structured and processed according to certain criteria. |
|
Data Processor |
: |
It is a real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller. |
|
Explicit Consent |
: |
It expresses the consent of the Personal Data Owner/Relevant person regarding a certain subject, based on being informed and expressed with free will. |
|
Law |
: |
It refers to the Personal Data Protection Law No. 6698. |
|
KVK Board |
: |
It is the Personal Data Protection Board. |
1.5. Enforcement of Policy
This Policy is prepared by the Company and published on the Company’s website (www.dafenerjiyonetimi.com) and made available to relevant persons upon the request of personal data owners.
–
SECOND PART
2. PROCESSING AND TRANSFER OF PERSONAL DATA
2.1. General Principles in Processing Personal Data
Personal Data is processed by the Company in accordance with the procedures and principles set forth in the Law and this Policy. The Company acts in accordance with the following principles when processing Personal Data:
- Personal Data is processed in accordance with the relevant legal rules and the requirements of the rule of good faith.
- Personal Data is ensured to be accurate and up to date. In this context, issues such as determining the sources from which the data is obtained, confirming its accuracy, and evaluating whether it needs to be updated are carefully taken into account.
- Personal Data; Processed for specific, explicit and legitimate purposes. A legitimate purpose means that the Personal Data processed by the Company is related to and necessary for the work it performs or the service it offers.
- Personal Data is linked to the purpose in order to achieve the purposes determined by the Company, and the processing of Personal Data that is not relevant or needed to achieve the purpose is avoided. The Company limits the data it processes to only what is necessary to achieve the purpose. Personal Data processed in this context is related to the purpose for which they are processed, limited and proportionate.
- If there is a period stipulated in the relevant legislation for the storage of data, these periods are complied with. If there is no period, Personal Data is retained only for the period necessary for the purpose for which it is processed. If there is no longer a valid reason to retain the processed Personal Data, such data will be deleted, destroyed or anonymized.
2.2. Method and Legal Reason for Collecting Personal Data
Personal Data, for the purpose of checking its compliance with Article 1, which regulates the purpose of the Law, and Article 2, which regulates the scope of the Law; in all kinds of oral, written and electronic media; It is collected by technical and other methods, through various means such as the Company website, in order to achieve the purposes set out in the Policy, within the framework of legislation, contract, demand and optional legal reasons, in order to fulfill the responsibilities arising from the law completely and accurately, and to the Company or those assigned by the Company. processed by data processors.
2.3. Conditions for Processing Personal Data
The company may process personal data with the consent of the data owner in accordance with the relevant law. If one of the following conditions is met, personal data may be processed without the explicit consent of the data owner.
- The company may process personal data in cases clearly provided for by law.
- Processing may be carried out in cases where it is necessary to protect the life or physical integrity of the data subject, who is unable to express his/her consent due to actual impossibility or whose consent is not given legal validity.
- Personal Data belonging to the parties to the contract may be processed, provided that it is directly related to the establishment or execution of a contract by the Company.
- The company may process it if necessary to fulfill its legal obligations as the data controller.
- Personal Data made public by the Personal Data Owners themselves, in other words, disclosed to the public in any way, may be processed by the Company.
- The Company may process data in cases where data processing is necessary for the exercise or protection of a legally legitimate right.
- The Company may process Personal Data in cases where it is necessary to process Personal Data to ensure its legitimate interests, provided that it does not harm the fundamental rights and freedoms of Personal Data Owners protected under the Law and Policy.
The Company shows the necessary sensitivity in complying with the basic principles regarding the protection of Personal Data and observing the balance of interests of Personal Data Owners.
2.4. Conditions for Processing of Special Personal Data
The Company may process Special Personal Data with the explicit consent of the data owner in accordance with the relevant law. However, Personal Data other than health and sexual life may be processed without the explicit consent of the relevant person in cases stipulated by law. Personal Data regarding health and sexual life may be processed by the Company only for the purposes of protecting public health, preventive medicine, medical diagnosis and treatment and care services, planning and management of health services and their financing, without seeking the explicit consent of the relevant person, under conditions where we are under a confidentiality obligation. The Company carries out the necessary procedures to take adequate measures determined by the Board in the processing of Special Personal Data.
2.5. Conditions for Transfer of Personal Data
Our Company transfers Personal Data in line with the purposes of processing, taking the necessary confidentiality and security measures and acting in accordance with the regulations stipulated in the Law. In this context, our Company may provide Personal Data to third parties, based on one or more of the Personal Data processing conditions specified in Article 5 of the Law, listed below, for legitimate and lawful Personal Data processing purposes:
- If there is explicit consent of the Personal Data owner,
- If there is a clear regulation in the law regarding the transfer of Personal Data,
- In case of compulsory situations to protect the life or physical integrity of the Personal Data owner or someone else,
- If the Personal Data owner is unable to express his/her consent due to actual impossibility or if his/her consent is not given legal validity,
- If it is necessary to transfer the Personal Data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
- If Personal Data transfer is mandatory to fulfill our company’s legal obligations,
- If Personal Data has been made public by the Personal Data owner,
- If Personal Data transfer is mandatory for the establishment, exercise or protection of a right,
- Provided that it does not harm the fundamental rights and freedoms of the Personal Data owner, personal data may be transferred if the transfer of Personal Data is mandatory for the legitimate interests of the Company.
2.6. Conditions for Transfer of Special Personal Data
The Company takes maximum care and security measures in line with the relevant law and the decisions made by the KVK Board; In line with legitimate and lawful Personal Data processing purposes, the Personal Data Owner’s Special Personal Data may be transferred to third parties in the following cases.
In case of express consent of the Personal Data Owner,
Or, in the presence of the following conditions, without the express consent of the Personal Data Owner;
- Personal Data of Special Nature regarding the health and sexual life of the Personal Data Owner can only be processed by persons who are under the obligation to keep confidentiality, for the purpose of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, or It can be transferred by authorized institutions and organizations.
THIRD PART
3. CLASSIFICATION OF PERSONAL DATA, PURPOSES OF PROCESSING AND TRANSFER, PERSONS TO WHICH THEY WILL BE TRANSFERRED
3.1. Classification of Personal Data
It is stated in this section that the personal data processed in these categories are associated with which data owners are regulated within the scope of this Policy.
|
PERSONAL DATA CATEGORIZATION
|
PERSONAL DATA CATEGORIZATION DESCRIPTION |
|
Identity Information
|
Clearly belongs to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of the data recording system; These are data that contain information about the identity of the person. For example; Name-surname, T.R. Documents such as driver’s license, identity card and passport containing information such as identity number, nationality information, mother’s name-father’s name, place of birth, date of birth, gender, as well as tax number, SSI number, signature information and similar information. |
|
Communication information |
Clearly belongs to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of the data recording system; Information such as telephone number, address, e-mail address, fax number, IP address. |
|
Transaction Security Information
|
Personal data processed regarding the technical, administrative, legal and commercial security of both the Personal Data Owner and the Company while carrying out the activities of the Company. |
|
Family Members and Relative Information
|
Clearly belongs to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of the data recording system; Information about the Personal Data Owner’s family members (e.g. spouse, mother, father, child), relatives, regarding products and services within the framework of operations carried out by the Company’s business units or in order to protect the legal and other interests of the Company and the Personal Data Owner. |
|
Physical Location Security Information
|