AY TEKS TEXTILE INDUSTRY AND FOREIGN TRADE LTD.
PERSONAL DATA PROTECTION AND PROCESSING POLICY
1. INTRODUCTION
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. (Company) attaches importance to the protection of personal data and accepts it among its priorities. Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. Personal Data Protection and Processing Policy (Policy) explains the basic principles adopted for the compliance of Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. with the personal data processing principles regulated under the Personal Data Protection Law No. 6698 (Law). In accordance with these principles, our company provides the necessary transparency by informing personal data owners. Personal data are processed and protected in line with the procedures and principles of the Policy, with the high-level responsibility and awareness of Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti.
1.1. Objective
With this Policy, Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. It is aimed to be harmonized with the Law and to be implemented effectively in its activities. In line with the following “Annex 1- Personal Data Processing Purposes”, all kinds of administrative and technical measures have been taken by our Company in terms of processing and protection of personal data, necessary internal procedures have been established, all necessary trainings have been provided to raise awareness, all necessary measures have been taken for the compliance of partners, officials, employees and business partners with the Law processes, and appropriate and effective audit mechanisms have been established.
1.2. Scope
All personal data of persons other than Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. employees, which are processed automatically or non-automatically provided that they are part of any data recording system, are covered by the Policy.
1.3 . Basis
The relevant legislation in force regarding the processing and protection of personal data of Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. and the Policy in accordance with these regulations will be applied. In case of incompatibility between the legislation in force and the Policy, the legislation in force shall apply. The regulations stipulated by the relevant legislation are transformed into Company practices with the Policy.
1.4. Definitions:
Explicit consent | It refers to consent on a specific subject, based on information and expressed with free will. |
Application Form | The application form for the applications to be made by the relevant person (Personal Data Owner) to the data controller, prepared in accordance with the Law No. 6698 on the Protection of Personal Data and the Communiqué on the Procedures and Principles of Application to the Data Controller issued by the Personal Data Protection Authority, which includes the application to be made by personal data owners to exercise their rights. |
Related User | Persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data. |
Destruction | Deletion, destruction or anonymization of personal data. |
Recording Media | Any medium containing personal data that is fully or partially automated or processed by non-automated means, provided that it is part of any data recording system. |
Personal Data | Any information relating to an identified or identifiable natural person. |
Processing of Personal Data | Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system. |
Anonymization of Personal Data | Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data. |
Personal Data Owner | The real person whose personal data is processed by or on behalf of Ay Teks Tekstil Sanayi ve Dış Tic. Ltd. Şti. by or on behalf of the real person whose personal data are processed. |
Deletion of Personal Data | Deletion of personal data; making personal data inaccessible and non-reusable in any way for the Relevant Users to be brought in. |
Destruction of Personal Data | The process of making personal data inaccessible, irretrievable and non-reusable by anyone in any way. |
Board | Personal Data Protection Board |
Institution | Personal Data Protection Authority |
Sensitive personal data | Data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. |
Periodic destruction | In the event that all of the conditions for processing personal data specified in the Law disappear, the deletion, destruction or anonymization process to be carried out ex officio at recurring intervals specified in the personal data storage and destruction policy. |
Data Processor | A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller. |
Data Recording System | A recording system where personal data is structured and processed according to certain criteria. |
Data subject / Data subject | The natural person whose personal data is processed. |
Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. |
Data Representative | A natural person appointed to fulfill the duties of the Data Controller within the scope of the relevant articles of law in accordance with the Law. |
Regulation | Regulation on Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette on October 28, 2017 |
2. PERSONAL DATA PROTECTION ISSUES
2.1. Ensuring the Security of Personal Data
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. takes the necessary measures stipulated in Article 12 of the Law, depending on the nature of the data, to prevent unlawful disclosure, access, transfer or other security problems that may arise in other ways. Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. takes measures and conducts audits to ensure the necessary level of personal data security in accordance with the guidelines published by the Personal Data Protection Board.
2.2. Protection of Special Categories of Personal Data
Measures taken to protect data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or trade union membership, health, sexual life, criminal conviction, security measures and biometric and genetic data of the data subject are carefully implemented and necessary audits are carried out.
Detailed information on the processing of sensitive personal data is provided in Article 3.3 of the Policy.
2.3. Raising Awareness on Protection and Processing of Personal Data
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. provides the necessary trainings to those concerned in order to ensure that personal data is processed and accessed in accordance with the law, and to raise awareness about the protection of data and the use of rights.
In order to increase employees’ awareness of personal data protection, our Company creates the necessary business processes and receives support from consultants if needed. The deficiencies encountered in practice and the results of the trainings are evaluated by Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. management. With these evaluations, new trainings can be organized if needed depending on the changes in the relevant legislation.
3. PROCESSING OF PERSONAL DATA
3.1. Processing of Personal Data in Compliance with the Legislation
Personal data is processed in accordance with the legislation in line with the principles listed below:
i. Processing in accordance with the Law and Good Faith
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. processes personal data to the extent required by its business activities, limited to these, in a manner that does not harm the fundamental rights and freedoms of individuals, in accordance with the general rule of trust and honesty.
ii. Ensuring that Personal Data is Up-to-date and Accurate
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. takes necessary measures and operates systems to keep the personal data it processes up-to-date and accurate.
iii. Processing for Specific, Explicit and Legitimate Purposes
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. processes personal data depending on the legitimate purposes determined and explained in the business activities carried out.
iv. Being relevant, limited and proportionate to the purpose for which they are processed
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. collects personal data to the extent and quality required by its business activities and processes them limited to the specified purposes.
v. Preservation for as Long as Necessary
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. retains personal data for the minimum period stipulated in the relevant legislation and required for the purpose of processing. First of all, Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. keeps personal data for the minimum period stipulated in the relevant legislation for the storage of personal data; If not stipulated, personal data are kept for the period required for the purpose for which they are processed. At the end of the retention periods, personal data are destroyed by appropriate methods (deletion, destruction or anonymization) in accordance with the periodic destruction (every 6 months) periods or data owner application.
3.2. Conditions of Processing of Personal Data:
Except for the explicit consent of the personal data owner, personal data processing activity may be processed based on only one or more than one of the following conditions. Processing of special categories of personal data is based on the conditions regulated in Article 3.3 of the Policy (Processing of Special Categories of Personal Data).
i. Explicit Consent of the Personal Data Owner:
Processing of personal data is done with the explicit consent of the data subject. Explicit consent of the personal data owner: It is realized by informing him/her on a specific subject and obtaining his/her free will. If any of the conditions listed below are present, personal data may be processed without the explicit consent of the data subject.
a. Explicitly Regulated in Laws
In the event that there is a clear regulation in the laws regarding the processing of personal data, personal data may be processed without the consent of the data subject.
b. Failure to Obtain the Explicit Consent of the Relevant Person Due to Actual Impossibility
The personal data of the data subject may be processed if it is mandatory to process the personal data of the person who is unable to disclose his/her consent due to actual impossibility or whose consent cannot be recognized as valid, in order to protect his/her or another person’s life or physical integrity.
c. Direct Relevance to the Establishment or Performance of the Contract
The personal data of the data subject may be processed if the processing of personal data is directly related to the establishment or performance of a contract to which the data subject is a party.
d. Fulfillment of Legal Obligation by Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti.
While Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. fulfills its legal obligations, personal data of the data subject may be processed if personal data processing is mandatory.
e. Publicization of Personal Data by the Personal Data Owner
Personal data belonging to data subjects who publicize their personal data may be processed limited to the purpose of publicization.
f. Mandatory Data Processing for the Establishment or Protection of a Right
Personal data of the data subject may be processed if data processing is mandatory for the establishment, exercise or protection of a right.
g. Mandatory Data Processing for the Legitimate Interest of the Company
Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is mandatory for the legitimate interests of the Company.
3.3. Processing of Special Categories of Personal Data
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. processes sensitive personal data in accordance with the principles set out in the Law and the Policy, by taking all necessary administrative and technical measures with the methods to be determined by the Board, under the following conditions:
i. Sensitive personal data other than health and sexual life may be processed without the explicit consent of the data subject if there is an explicit provision in the laws regarding its processing. In cases not explicitly stipulated in the laws, the explicit consent of the data subject shall be obtained.
ii. Sensitive personal data relating to health and sexual life may be processed by persons or authorized institutions and organizations under confidentiality obligation: for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without seeking the explicit consent of the data subject. Otherwise, the explicit consent of the data subject shall be obtained.
3.4. Informing the Personal Data Owner
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. informs personal data owners in accordance with the relevant legislation about the purposes for which their personal data is processed, for which purposes it is shared with whom, by which methods it is collected, the legal reason and the rights of data owners in the processing of personal data.
3.5. Transfer of Personal Data
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. may transfer personal data to third parties (third party companies, third real persons) in accordance with the law by taking the necessary security measures in line with the purposes of personal data processing. In order to carry out the transfer transactions in accordance with the regulations stipulated in Article 8 of the Law, it carries out the transactions according to the document “ANNEX 3- Third Parties to whom Personal Data is Transferred and the Purposes of Transfer” attached to the Policy.
i. Transfer of Personal Data
Although the explicit consent of the personal data owner is required for the transfer of personal data, personal data may be transferred to third parties based on one or more of the following conditions, by taking all necessary security measures, including the methods stipulated by the Board.
a. It is expressly provided for in the law,
b. It is directly related to and necessary for the conclusion or performance of a contract,
c. It is mandatory for Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. to fulfill its legal obligation,
d. Limited to the purpose of publicization, provided that the personal data has been made public by the data subject,
e. It is mandatory for the establishment, use or protection of the rights of Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. or the data subject or third parties,
f. It is mandatory for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data subject,
g. Persons who are unable to disclose their consent due to actual impossibility or who have given their consent
it is necessary for the protection of the life or physical integrity of the person to whom legal validity is not granted, or of another person.
Personal data subject to any of the above-mentioned conditions may be transferred to foreign countries that are declared by the Board to have adequate protection as “Foreign Country with Adequate Protection”. Personal data may be transferred to those in the status of “Foreign Country with a Data Controller Committing to Adequate Protection”, where the data controllers in Turkey and foreign countries, where there is no adequate protection, undertake an adequate protection in writing and where the Board has permission, according to the conditions stipulated in the legislation.
ii. Transfer of Sensitive Personal Data
Sensitive personal data may be transferred under the following conditions by taking all necessary administrative and technical measures, including the methods to be determined by the Board, in accordance with the principles set out in the Policy:
a. Sensitive personal data other than health and sexual life, without seeking the explicit consent of the data subject in case there is an explicit provision in the laws regarding the processing of personal data, otherwise in case the explicit consent of the data subject is obtained.
b. Sensitive personal data relating to health and sexual life, for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of confidentiality, without seeking explicit consent, otherwise, in case the explicit consent of the data subject is obtained.
4. DISTINCTION OF PROCESSED PERSONAL DATA AND PURPOSES OF PROCESSING
The purpose of Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. in processing personal data is to inform the relevant persons in accordance with Article 10 of the Law and other legislation, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, in accordance with the general principles specified in the Law, especially the principles specified in Article 4 of the Law regarding the processing of personal data.
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. processes the personal data of its shareholders and officials in order to fulfill its legal obligations arising from the Turkish Commercial Code, Tax Procedure Law, Labor Law and other relevant legislation.
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. records the data of those who continue their activities with Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. in order to ensure that they act in accordance with the specified rules, to draw notices to ensure performance in accordance with the contract in case of breach of obligations, to apply for enforcement and litigation remedies and to take other measures. Personal data of the branches are obtained through lease agreements, addendums, additional agreements, protocols, e-mail correspondence.
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. records the information of suppliers who provide goods/services to Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. in order to check whether they fulfill their responsibilities and to ensure the order of activities. Personal data belonging to suppliers are obtained by transferring e-mail information sent and received as a result of communication with them, telephone calls, business cards and website information.
The Company requests and processes the personal data of its employees and candidate employees in order to complete the mandatory documents to be included in the personnel file of the persons within the scope of the applicable Labor Law, Occupational Health and Safety Law in order to make the SSI registration. This personal data is obtained through the curriculum vitae they submit with their explicit consent during the recruitment and job application phase, job application forms, resume viewing methods offered by human resources software programs (such as Kariyer.net, LinkedIn) that provide candidate pool services, and the answers they give to the questions asked to them during the interview and answered with their consentAy Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. requests and processes personal data from real persons who apply for a job in order to communicate with the person for interview purposes during the recruitment process and to determine whether the qualifications and experiences of the person during the interview are compatible with the qualifications of the personnel to be recruited. The aforementioned personal data are obtained by the applicants sending their resumes to the human resources department with their own explicit consent, answering the questions asked during the interview with their own consent, or by resume viewing methods offered by human resources software programs (such as Kariyer.net, LinkedIn) that provide advertisement publishing and candidate pool services.
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. records the data of the employees and authorized natural persons of the business partners with whom it cooperates within the framework of the purposes of establishment of the business partnership.
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. records the personal data of the supplier for the purpose of providing the necessary goods/services to fulfill its commercial activities and for the purpose of supervision. This personal data is obtained from signed contracts, invoices sent, device delivery minutes, electronic mail correspondence, telephone and other means of communication and business cards.
The information contained in the complaint and request form received by Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. is processed in order to ensure service quality.
Detailed information on the categories of personal data processed is provided in the document “Annex 2- Personal Data Categories” attached to the Policy; detailed information on the purposes of personal data processing is provided in the document “Annex 1- Purposes of Personal Data Processing” attached to the Policy.
5. MEASURES TAKEN FOR THE PROTECTION OF PERSONAL DATA
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the preservation of the data in accordance with the conditions specified in the Law, and to carry out or have the necessary audits carried out within this scope.
Although all technical and administrative measures have been taken, in the event that the processed personal data is illegally obtained by third parties, Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. will notify the relevant authorities as soon as possible.
5.1. Technical Measures
i. Appropriate technical measures are taken in line with the activity carried out by the Company, and the measures taken are periodically updated and renewed.
ii. Access and authorization technical solutions are put in place in accordance with the legal compliance requirements determined on a business unit basis.
iii. Access authorizations are limited and authorizations are regularly reviewed.
iv. The technical measures taken are periodically checked, the issues that pose a risk are re-evaluated and necessary technological solutions are produced.
v. Software and hardware including virus protection systems and firewalls are installed.
vi. Qualified personnel are employed in technical matters and system vulnerabilities are controlled.
vii. Regular security scans are carried out to identify security vulnerabilities in applications where personal data is collected. It is ensured that the vulnerabilities found are closed
viii. It is ensured that personal data is destroyed in a way that cannot be recycled and leaves no audit trail.
5.2. Administrative Measures
i. Company Personnel are trained on the technical measures to be taken to prevent unlawful access to personal data.
ii. Personnel are trained on the Law.
iii. Personal data access and authorization processes are designed and implemented within the Company in accordance with the legal compliance needs of personal data processing on a business unit basis.
iv. Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. has added records to all kinds of documents regulating the relationship between its personnel and the Company and containing personal data that the obligations stipulated by the Law must be complied with in order to process personal data in accordance with the law, personal data must not be disclosed, personal data must not be used unlawfully and the confidentiality obligation regarding personal data continues even after the termination of the employment contract with the Company, and the failure of the personnel to comply with these obligations requires the application of sanctions that may lead to the termination of the employment contract.
v. The personnel are informed that they cannot disclose the personal data they have learned to anyone else in violation of the provisions of the Law and cannot use them for purposes other than processing, and that this obligation will continue after they leave their duties, and the necessary commitments are obtained from them in this direction.
vi. In the contracts concluded by Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. with the persons to whom personal data are transferred in accordance with the law; provisions are added that the persons to whom personal data are transferred will take the necessary security measures to protect personal data and ensure that these measures are complied with in their own organizations.
vii. In the event that the personal data processed by Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. is obtained by others through unlawful means, it shall notify the relevant person and the Board as soon as possible.
Viii Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. employs knowledgeable and experienced personnel about the processing of personal data and provides its personnel with the necessary training within the scope of personal data protection legislation and data security.
ix. Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. conducts the necessary audits in order to ensure the implementation of the provisions of the Law within its legal entity. It eliminates the confidentiality and security weaknesses that arise as a result of the audits.
x. Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. is responsible for the third parties to whom it transfers personal data to fulfill their obligations to process and store the data in accordance with the provisions of the Policy and the Law and to access the data in accordance with the law in accordance with Article 12 of the Law. For this reason, Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. must obtain commitments that include the fulfillment of these conditions in the contracts and all kinds of arrangements to be made while transferring data to third parties and authorizing it to conduct audits. Again, Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. should specifically inform all its personnel about the responsibilities arising from the processes of transferring personal data to third parties.
6. STORAGE AND DESTRUCTION OF PERSONAL DATA
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. retains personal data for the period required for the purpose of processing and for the minimum period stipulated in the relevant legislation. Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti., first of all, if a period is determined in the relevant legislation, in accordance with this period; If a legal period is not stipulated, it stores personal data for the period required for the purpose of processing personal data. Personal data are destroyed at the end of the specified storage periods, in accordance with the periodic destruction periods or the data owner’s application, by the specified method (deletion, destruction or anonymization).
7. RIGHTS OF PERSONAL DATA SUBJECTS AND EXERCISE OF THESE RIGHTS
7.1. Rights of the Personal Data Owner
Personal data subjects have the following rights
- Learn whether personal data is being processed,
ii. Request information if personal data has been processed,
iii . To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
iv. Learning the third parties to whom personal data are transferred domestically or abroad,
v. To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
vi. Although it has been processed in accordance with the provisions of the Law and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
vii. To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
viii. In case of damage due to unlawful processing of personal data, to demand the compensation of the damage.
7.2. Exercising the Rights of the Personal Data Owner
Personal data owners can submit their requests regarding their rights listed in Article 6.1. to Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. by the methods determined by the Board. They can always apply to Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. by filling out the “Data Owner Application Form” which can be accessed from the address -verilerin-korunmasi on the website.
7.3. The Company’s Response to Applications
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. finalizes the applications made by the personal data owner in accordance with the Law and other legislation. Requests duly submitted to the Company shall be finalized free of charge as soon as possible and within 30 (thirty) days at the latest. However, if the transaction requires an additional cost, a fee may be charged in accordance with the tariff determined by the Board.
7.4.The Company’s Rejection of the Personal Data Owner’s Application
Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. may reject the application of the applicant in the following cases by explaining the reason:
i. Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,
ii. Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that such processing does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime,
iii Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,
iv. Processing of personal data by judicial or enforcement authorities in relation to investigation, prosecution, trial or execution proceedings,
v. Processing of personal data is necessary for the prevention of crime or criminal investigation,
vi. Processing of personal data made public by the personal data subject himself/herself,
vii. Processing of personal data is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions based on the authority granted by law,
viii. Personal data processing is necessary for the protection of the economic and financial interests of the state in relation to budget, tax and financial matters,
ix. The request of the personal data subject is likely to impede the rights and freedoms of other persons,
x. Demands were made that required disproportionate effort,
xi. The requested information is publicly available.
8. EXECUTION
The Board of Directors of Ay Teks Tekstil Sanayi ve Dış Ticaret Ltd. Şti. is responsible for the execution of the Law and Policy as the data controller. Board of Directors, department managers are responsible for the follow-up, coordination and supervision of all works and transactions within this scope.
9. EFFECTIVENESS and PUBLICITY
The Policy entered into force on 15/12/2023. Changes in the Policy shall be published on the Company’s website and made available to personal data owners and relevant persons. Policy changes enter into force on the date of announcement.
APPENDICES:
Annex 1 – Purpose of Processing Personal Data;
Annex 2 – Categories of Personal Data
ANNEX 3 -Third Parties to whom Personal Data are Transferred and Purposes of Transfer.
ANNEX 1- Categorical Personal Data Processing Purposes i
Execution of Emergency Management Processes |
Execution of Information Security Processes |
Employee Candidate / Intern |
Execution of Employee Candidate Application Processes |
Execution of Employee Satisfaction and Loyalty Processes |
Fulfillment of Obligations Arising from Employment Contract and Legislation for Employees |
Execution of Fringe Benefits and Benefits Processes for Employees |
Conducting Audit / Ethics Activities |
Conducting Training Activities |
Execution of Access Authorizations |
Execution of Activities in Compliance with the Legislation |
Execution of Finance and Accounting Affairs |
Execution of Company / Product / Service Loyalty Processes |
Ensuring Physical Space Security |
Execution of Assignment Processes |
Follow-up and Execution of Legal Affairs |
Conducting Internal Audit / Investigation / Intelligence Activities |
Execution of Communication Activities |
Planning Human Resources Processes |
Execution / Supervision of Business Activities |
Execution of Occupational Health / Safety Activities |
Receiving and Evaluating Suggestions for Improvement of Business Processes |
Execution of Business Continuity Ensuring Activities |
Execution of Logistics Activities |
Execution of Goods / Service Procurement Processes |
Execution of Goods / Services After Sales Support Services |
Execution of Goods / Service Sales Processes |
Execution of Goods / Services Production and Operation Processes |
Execution of Customer Relationship Management Processes |
Execution of Activities for Customer Satisfaction |
Organization and Event Management |
Conducting Marketing Analysis Studies |
Execution of Performance Evaluation Processes |
Execution of Advertising / Campaign / Promotion Processes |
Execution of Risk Management Processes |
Execution of Storage and Archive Activities |
Execution of Social Responsibility and Civil Society Activities |
Execution of Contract Processes |
Execution of Strategic Planning Activities |
Tracking Requests / Complaints |
Ensuring the Security of Movable Property and Resources |
Execution of Supply Chain Management Processes |
Execution of Wage Policy |
Execution of Marketing Processes of Products / Services |
Ensuring the Security of Data Controller Operations |
Foreign Personnel Work and Residence Permit Procedures |
Execution of Investment Processes |
Execution of Talent / Career Development Activities |
Providing Information to Authorized Persons, Institutions and Organizations |
Execution of Management Activities |
Creating and Tracking Visitor Records |
Planning and Management of Access Authorizations of Business Partners, Suppliers to Information and Facilities |
Management of Relations with Business Partners, Suppliers |
Planning and Management of Compliance of Activities with Relevant Legislation or Company Procedures |
Annex 2- Data Categories and Personal Data
Data Categories | Personal Data |
Identity | Name, Surname |
Mother-Father Name | |
Mother’s Maiden Name | |
Date of Birth | |
Place of Birth | |
Marital Status | |
Identity Card Serial Number | |
TR Identity No | |
Passport Number | |
Temporary TR Identity Number | |
Gender Information | |
Turkish Identity Card | |
Driver’s License | |
Contact | Address |
Email Address | |
Contact Address | |
Registered Electronic Mail Address (KEP) | |
Telephone No | |
Location | Location information / street address etc. |
Personnel | Payroll Information |
Disciplinary Investigation | |
Employment Entry-Exit Document Records | |
Curriculum Vitae Information | |
Performance Evaluation Reports | |
Legal Action | Information in correspondence with judicial authorities, information in the case file, etc. |
Customer Transaction | Invoice |
Deed | |
Check Information | |
Entry-Exit Information | |
Order Information | |
Appointment Information | |
Physical Space Security | Employee and Visitor Entry and Exit Registration Information |
Camera Recordings | |
Process Security | Transaction Security (such as IP address information, website login and exit information, password and password information) |
IP Address Information | |
Website Login and Logout Information | |
Password and Passcode Information | |
Risk Management | Information processed for the management of commercial, technical, administrative risks, such as |
Finance | Balance Sheet Information |
Financial Performance Information | |
Credit and Risk Information | |
Asset Information | |
Bank Account Number | |
IBAN Number | |
Professional Experience | Diploma Information |
Course Information | |
On-the-Job Training Information | |
Certificates | |
Marketing | Shopping History Information |
Survey | |
Cookie Registrations | |
Information Obtained through the Campaign | |
Audio and Visual Recordings | Closed Circuit Camera System Video, Audio Recording |
Dress and Attire | Information on Dress and Attire |
Union Membership | Union Membership Information |
Health Information | Information on Disability Status |
Blood Type Information | |
Device and Prosthesis Information | |
Criminal Conviction and Security Measures | Information on Criminal Conviction |
Information on Security Measure | |
Family Information | Number of Children |
Family Wallet | |
Spouse Employment Information | |
Child Education and Age Information | |
Study Data | Department |
Mode of Operation | |
Profession | |
References | |
Last company information | |
Signature | Wet or electronic signatures, fingerprints, special marks on documents that are personal data |
Website Usage Data | Application Form Filling Date |
Frequency/Times of Login to the Site | |
Last Login Date | |
IP Address | |
Request/Complaint Management Information | Survey Data |
Personal data regarding the receipt and evaluation of any request or complaint addressed to the Company. | |
Reputation Management Knowledge | Information collected for the purpose of protecting the Company’s commercial reputation and information about the evaluation reports and actions taken. |
Incident Management Knowledge | Personal data processed in order to take the necessary legal, technical and administrative measures against the events that develop in order to protect the commercial rights and interests of the Company and the rights and interests of its customers. |
Insurance | Private Insurance Data |
Social Security Institution Data | |
Vehicle Information | Vehicle license plate, make, model, model year, engine chassis number, registration date, registration sample, no damage information |
Compliance Information | Personal data processed within the scope of compliance |
Audit and Inspection Information | Personal data processed during internal or external audit activities |
Residence Permit Information for Foreigners | Information on Residence and Work Permits for Foreigners |
ANNEX -3 -Persons to whom Personal Data are Transferred and Purpose of Transfer ri Ay Teks Tekstil Sanayi ve Dış Tic. Ltd. Şti. may transfer the personal data of its partners/suppliers, customers and employees to the categories of persons listed below in accordance with Articles 8 and 9 of the Law:
Persons to whom data can be transferred | Definition | Purpose and Scope of Data Transfer |
Natural persons or private legal entities | Real persons or legal entities with whom the Company has a relationship and performs transactions due to its activities | Limited to the work and transaction performed |
Shareholders | Ay Teks Tekstil Sanayi ve Dış Tic. Ltd. Şti. and real persons who have established a partnership relationship | Companylimited to the planning, execution and supervision of strategies related to its commercial activities |
Business Partners | Companybusiness partners, business partner banks with whom it has a relationship for purposes such as the promotion and marketing of products and services, after-sales support | Limited to the purposes and activities of establishing and conducting business partnerships |
Authorized Public Institutions and Organizations | Social Security Institution, Tax Offices etc. in accordance with the provisions of the relevant legislation XXXXXXXXXXXXXXXPublic institutions and organizations authorized to receive information and documents from | Limited to the purpose requested by the relevant public institutions and organizations subject to their legal authority |
Legally Authorized Private Law Persons | Institutions or organizations established in accordance with certain conditions in accordance with the provisions of the relevant legislation and continuing their activities within this framework | Limited to the subjects that fall within their fields of activity |
Private Insurance Companies | Private health, pension, PPS applications | Limited to the scope of private insurance registrations and declarations |
Members of the Board of Directors | Ay Teks Tekstil Sanayi ve Dış Tic. Ltd. Şti.’s Board Members | Ay Teks Tekstil Sanayi ve Dış Tic. Ltd. limited for the purpose of carrying out the activities of the Board of Directors of Ay Teks Tekstil Sanayi ve Dış Tic. |
Service providers and cooperating organizations | Contracted service providers and cooperating organizations | Limited to the principles of the contract and cooperation protocol |
Lawyer | Lawyers authorized to practice law in accordance with the relevant legislation | Limited to issues that may have legal consequences in company activities and labor transactions. |
Supplier | Ay Teks Tekstil Sanayi ve Dış Tic. Ltd. Şti. in line with data processing purposes and requests | Limited to the supply of goods and services to fulfill the Company’s commercial activities from outsourcing |
Consultants | Experts and those whose expertise and experience are utilized | Experts and those whose expertise and experience are utilized |
Auditors | Auditors authorized to audit in accordance with the relevant legislation | Limits of authority and duties set in the legislation |
