PERSONAL DATA PROCESSING POLICY

1. OBJECTIVE

This document outlines the Company's policies regarding the processing, storage, and protection of personal data in accordance with the law and the purpose of the Personal Data Protection Law No. 6698. It aims to inform individuals whose personal data is processed by the Data Controller, including but not limited to Company Partners, Company Partner Representatives and Company Officials, Company Employees, Job Applicants, Interns, Visitors, Customers, Prospective Customers, Customer Representatives, Suppliers, Supplier Employees, Supplier Subcontractors, Supplier Subcontractor Employees, and third parties, about the procedures and principles to be followed regarding the processing, storage, and protection of personal data.

In this way, the aim is to ensure full compliance with the legislation in the processing and protection of personal data carried out by the Data Controller and to protect all the rights of personal data owners arising from the legislation regarding personal data.

 

2. SCOPE

This policy covers natural persons whose personal data is processed by the Data Controller, including but not limited to Company Partners, Company Partner Representatives and Company Officials, Company Employees, Job Applicants, Interns, Visitors, Customers, Prospective Customers, Customer Representatives/Employees, Suppliers, Supplier Representatives/Employees, and third parties, through automated or non-automated means as part of any data recording system. This Policy shall in no way apply to legal entities or legal entity data.

The Data Controller informs the relevant Personal Data Owners about the Law by publishing this Policy on its website. In addition to the provisions of this policy, the Personal Data Processing and Protection Policy for Employees applies to the Data Controller's employees. This Policy will not apply if the data does not fall within the scope of "Personal Data" as specified below, or if the Personal Data processing activity carried out by the Data Controller is not in the ways specified in this Policy. In this context, the personal data owners within the scope of this Policy are the natural persons defined below. The Policy covers all personal data processing activities of the Data Controller, and compliance with its requirements is mandatory for all Data Controller employees and relevant third parties.

 

 

3. DEFINITIONS AND ABBREVIATIONS

Company/Our Company/Data Controller

MIPO TECHNOLOGY INC.

Personal Data/Data

Any information relating to an identified or identifiable natural person.

Special Category Personal Data(s)

This includes data relating to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.

Processing of Personal Data

Personal data processing refers to any operation performed on data, such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, acquiring, making available, classifying, or preventing the use of data, whether wholly or partly automated or through non-automated means as part of a data recording system.

Data Subject/Relevant Person

Company Partners, Company Partner Representatives and Company Officials, Company Employees, Job Applicants, Interns, Visitors, Customers, Prospective Customers, Customer Representatives/Employees, Suppliers, Supplier Representatives/Employees, and Third Parties, as well as natural persons whose personal data is processed by the company, are referred to as company partners.

Worker

These are individuals who have had, or currently have, an employment contractual relationship with the company.

Company Partner

They are the natural persons who are partners in the company.

Company Partner Representative

The natural person representative(s) of the natural and/or legal persons who are partners of the Company

Company Official

They are the company's board members and other authorized natural persons.

Job Candidate

These are individuals who have applied for a job with the Company in any way or who have made their resumes and related information available for the Company's review.

Intern

These are individuals who have applied to the Company as interns or who have made their resumes and related information available for the Company's review, either directly or through third-party institutions.

Visitor

These are all natural persons who enter the Company's physical premises for various purposes or visit its websites for any purpose.

Customer

Individuals who purchase, use, or have used the products and services offered by the Company are considered customers, regardless of whether they have any contractual relationship with the Company.

Prospective Customer/Potential Customer/

These are natural and legal persons who, in accordance with commercial customs and principles of good faith, have expressed interest in or may express interest in purchasing or using the Company's products and services.

 

 

Supplier

These are natural persons with whom the Company has any kind of business relationship, provided that they remain within the scope of the procurement.

Supplier Representative/Employee

This includes all natural persons, including employees, partners, and officers of the natural and legal person suppliers and supplier subcontractors with whom the Company has any kind of business relationship.

Contact Person

The person or persons to be determined by the Company Official.

Group Company

It refers to the company/companies belonging to the group to which the company is affiliated. (Aral Grup Elektronik A.Ş. Group)

Data Recording System

It refers to a data processing request where personal data is processed by structuring it according to specific criteria.

Data Controller

The Data Controller is the natural or legal person who determines the purposes and methods of processing personal data and is responsible for establishing and managing the data recording system. (In this policy, Data Controller refers to A.Ş.)

Data Processor

A data controller is a natural or legal person who processes personal data on behalf of the data controller, based on the authority granted by the data controller.

Explicit Consent

It is informed and freely given consent regarding a specific matter.

Anonymization

It is the process of rendering data that was previously associated with an individual in such a way that, even when combined with other data, it cannot be linked to a specific or identifiable natural person.

Destruction of Personal Data

Data destruction is the process of rendering personal data inaccessible, irretrievable, and unusable by anyone in any way.

Deletion of Personal Data

Deleting personal data is the process of making personal data completely inaccessible and unusable for the relevant users.

Law

This refers to the Law No. 6698 on the Protection of Personal Data.

Personal Data Protection Board

It is the Personal Data Protection Board.

 

 

 

 

4. POLICY TEXT

 

4.1 Processing and Transfer of Personal Data

 

4.1.01 General Principles in the Processing of Personal Data

 

Personal Data is processed by the Company in accordance with the procedures and principles stipulated in the Law and this Policy. The Company adheres to the following principles when processing Personal Data:

 

aa. Personal Data, relevant in accordance with legal rules and the requirements of the principle of honesty It is processed as such.

 

bb. Personal Data accurate and up-to-date This is ensured by carefully considering factors such as identifying the specific sources from which the data is obtained, verifying its accuracy, and evaluating whether it needs to be updated.

 

Personal Data; for specific, clear and legitimate purposes Personal data is processed. The legitimacy of the purpose means that the Personal Data processed by the Company is related to and necessary for the business it conducts or the services it provides, and for the activities and processes the Company carries out.

 

Personal Data is processed only in relation to the intended purpose for achieving the objectives determined by the Company, and Personal Data that is not related to or needed for achieving the objective is avoided. The Personal Data processed is limited only to that which is necessary for achieving the objective. Personal Data processed within this scope includes:, limited and proportionate to the purpose for which they were processedStop.

 

ee. If the relevant legislation specifies a retention period for the data, these periods will be complied with; otherwise, Personal Data will only be processed if... kept for as long as necessary for the purpose for which they were processed If there is no longer a valid reason for retaining the Personal Data, that data will be deleted, destroyed, or anonymized.

 

4.1.02 Conditions for Processing Personal Data

 

The company does not process personal data without the explicit consent of the data subject. However, personal data may be processed without the explicit consent of the data subject if any of the following conditions exist:

 

i. The company may process the Personal Data of Data Subjects even without explicit consent in cases explicitly provided for by law. For example, pursuant to Article 230 of the Tax Procedure Law, the explicit consent of the data subject is not required to include their name on an invoice.

 

ii. In cases where a person is unable to express their consent due to factual impossibility or where their consent cannot be considered valid, Personal Data may be processed without explicit consent to protect the life or physical integrity of that person or another person. For example, in a situation where a person is incapacitated or mentally ill and their consent is not valid, their Personal Data may be processed during a medical intervention to protect their life or physical integrity. In this context, data such as blood type, past illnesses and surgeries, and medications used may be processed through the relevant healthcare system.

 

iii. Personal data belonging to the parties to a contract may be processed by the company, provided that it is directly related to the establishment or performance of the contract. For example, the account number information of the creditor may be obtained in order to make a payment pursuant to a contract.

 

iv. The company, as the data controller, may process the Personal Data of Data Subjects if it is necessary to fulfill its legal obligations.

 

v. Personal Data that has been made public by the Data Subjects themselves, in other words, Personal Data that has been disclosed to the public in any way, may be processed by the Company if the legal interest requiring protection no longer exists.

 

vi. The company may process the Personal Data of Data Subjects without seeking their explicit consent in cases where data processing is necessary for the exercise or protection of a legally legitimate right.

 

vii. The Company may process the Personal Data of Data Subjects in cases where it is necessary to meet its legitimate interests, provided that this does not harm the fundamental rights and freedoms of the Data Subjects protected under the Law and Policy. The Company demonstrates the necessary sensitivity in complying with the basic principles regarding the protection of Personal Data and in considering the balance of interests of the Data Subjects.

 

4.1.03 Conditions for Processing Special Categories of Personal Data

 

The company does not process Special Categories of Personal Data without the explicit consent of the data subject. However, Personal Data other than health and sexual life data may be processed without the explicit consent of the data subject in cases stipulated by law. Personal Data relating to health and sexual life may only be processed by the Company without the explicit consent of the data subject under conditions where we are obligated to maintain confidentiality, for the purposes of protecting public health, preventive medicine, medical diagnosis and treatment and care services, and planning and managing health services and their financing. The company takes the necessary steps to ensure that adequate measures are taken in the processing of Special Categories of Personal Data as determined by the Board.

 

In addition to the provisions in this Policy, the Company has established a separate, systematic, clearly defined, manageable and sustainable policy for the security of Special Categories of Personal Data. In this regard, the Special Categories of Personal Data Security Policy is implemented.

 

4.1.04 Conditions for the Transfer of Personal Data

 

Our company may transfer the Personal Data and Special Categories of Personal Data of Data Subjects to third parties in accordance with the Law, by establishing the necessary confidentiality conditions and taking security measures in line with the purposes of processing Personal Data. Our company acts in accordance with the regulations stipulated in the Law during the transfer of Personal Data. In this context; our company may transfer Personal Data to third parties in line with legitimate and lawful Personal Data processing purposes, based on one or more of the Personal Data processing conditions specified in Article 5 of the Law, and limited to these conditions, if the following conditions are met:

 

 If the Data Subject has given explicit consent,

 

If there is an explicit provision in the laws regarding the transfer of Personal Data,

 

a. If it is necessary for the protection of the life or physical integrity of the Personal Data Subject or another person.

 

b) If the Data Subject is unable to express their consent due to factual impossibility or if their consent is not legally valid,

 

c. If the transfer of Personal Data belonging to the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract,

 

d. If the transfer of Personal Data is necessary for our company to fulfill its legal obligations,

e. If the Personal Data has been made public by the Personal Data owner,

 

f. If the transfer of personal data is necessary for the establishment, exercise or protection of a right,

 

g. If the transfer of Personal Data is necessary for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the Personal Data Subject.

 

4.1.04.1 Conditions for Transferring Personal Data Abroad

 

Our company may transfer the Personal Data and Special Categories of Personal Data of Data Subjects to third parties abroad in line with the purposes of Personal Data processing, by taking the necessary security measures. Personal Data may be transferred by our company to foreign countries declared by the Personal Data Protection Board to have adequate protection, or, in cases where adequate protection is not available, to foreign countries where the data controllers in Türkiye and the relevant foreign country have provided a written guarantee of adequate protection and have the permission of the Personal Data Protection Board.

 

4.1.05 Conditions for Transferring Special Categories of Personal Data

 

The company may transfer the Data Subject's Special Categories of Personal Data to third parties in the following cases, in line with legitimate and lawful Personal Data processing purposes, by exercising due diligence, taking necessary security measures, and implementing adequate precautions as stipulated by the Personal Data Protection Board.

(i) If the Data Subject has given their explicit consent, or

(ii) Under the following conditions, without requiring the explicit consent of the Personal Data Subject;

 

a) Special Categories of Personal Data (such as race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership in associations, foundations or trade unions, data relating to criminal convictions and security measures, as well as biometric and genetic data), excluding the health and sexual life of the Data Subject, may be processed in cases stipulated by law.,

 

b) Special categories of personal data relating to the data subject's health and sexual life may only be transferred by persons or authorized institutions and organizations bound by an obligation of confidentiality, for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing.

 

4.1.05.1 Transfer of Special Categories of Personal Data Abroad

 

The company may transfer the Data Subject's Special Categories of Personal Data to foreign countries where the data controller has adequate protection or undertakes to provide adequate protection, in line with legitimate and lawful Personal Data processing purposes, by exercising due diligence, taking necessary security measures, and implementing adequate precautions as stipulated by the Personal Data Protection Board, in the following cases:.

 

(i) If the Data Subject has given their explicit consent, or

 

(ii) Under the following conditions, without requiring the explicit consent of the Personal Data Subject;

 

a) Special Categories of Personal Data (such as race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership in associations, foundations or trade unions, data relating to criminal convictions and security measures, as well as biometric and genetic data), excluding the health and sexual life of the Data Subject, may be processed in cases stipulated by law.,

 

b) Special categories of personal data relating to the data subject's health and sexual life may only be transferred by persons or authorized institutions and organizations bound by an obligation of confidentiality, for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing.

 

4.2 Classification of Personal Data, Purposes of Processing and Transfer, and Persons to Whom They Will Be Transferred

 

4.2.01 Classification of Personal Data

 

The company processes personal data in the categories listed below, in accordance with its legitimate and lawful purposes for processing personal data, based on one or more of the conditions for processing personal data specified in Article 5 of the Law, and in compliance with the general principles specified in the Law, primarily the principles specified in Article 4 regarding the processing of personal data, and all obligations regulated in the Law, and limited to the subjects within the scope of this Policy, by informing the relevant individuals in accordance with Article 10 of the Law. This section also specifies which data owners, as defined in this Policy, are associated with the personal data processed in these categories.

 

 

PERSONAL DATA CATEGORY

PERSONAL DATA CATEGORY DESCRIPTION

 

Identity Information

 

Data that clearly relates to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of a data recording system; and contains information about the person's identity; such as name, surname, Turkish Republic identity number, nationality, mother's name and father's name, mother's maiden name, place of birth, date of birth, gender, marital status, as well as documents such as driver's licenses, national identity cards and passports, and tax number, social security number, signature information, vehicle license plate number, etc.

 

Contact Information

Information that clearly relates to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of a data recording system; such as address number, telephone number, contact address, e-mail address, registered electronic mail address (KEP), fax number, IP address.

 

Location Data

Personal data that clearly belongs to an identified or identifiable natural person; processed partially or wholly automatically or non-automatically as part of a data recording system; within the scope of the Company's commercial activities and operations carried out by the Company's business units, information about the location of the Company's vehicles and information about a specific or identifiable location in emergency calls, GPS location, travel data, etc.

Personal Information

Personal data that clearly belongs to an identified or identifiable natural person; processed partially or wholly automatically or non-automatically as part of a data recording system; processed for the purpose of obtaining information that forms the basis for the personal rights of natural persons who have an employment relationship with the Company; payroll information, disciplinary investigation information, employment entry document records, asset declaration information, resume information, performance evaluation reports, social security documents, inventory documents, passport information, photographs, bank information, leave forms, travel forms, expense forms, occupational health and safety certificates, insurance information, driver information, and all other types of personal data.

 

Legal Transaction Information

The company's legal processes, the identification and tracking of receivables and rights, the fulfillment of debts, and data processed within the scope of legal obligations include information from correspondence with judicial authorities, incoming and outgoing documents, and court files.

 

Customer Transaction Information

Data that clearly relates to an identified or identifiable natural person, processed partially or fully automatically or non-automatically as part of a data recording system; such as call center records, invoices, promissory note and check information, order information, request information, offers, and service numbers obtained and generated about the relevant person as a result of the Company's commercial activities and the operations carried out by its business units.

 

Physical Space Security Information

Personal data that clearly relates to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of a data recording system; records and documents obtained upon entry to and exit from a physical location, and during stay within the physical location; camera recordings, fingerprint recordings, and records taken at security checkpoints, etc.

 

Transaction Security Information

Personal data processed by the Company in the course of its operations, including IP address information, website login and logout information, and password information, relates to the technical, administrative, legal, and commercial security of both the Data Subject and the Company.

 

Risk Management Information

Data that clearly relates to an identified or identifiable natural person; processed partially or wholly automatically or non-automatically as part of a data recording system; and processed for the management of any commercial, technical, or administrative risks created according to the type of legal relationship the Company has established with the Data Subject.

 

Financial Information

Personal data processed that clearly relates to an identified or identifiable natural person; processed partially or wholly automatically or non-automatically as part of a data recording system; and information, documents, and records showing any financial results created according to the type of legal relationship established between the Company and the Data Subject, as well as data such as bank account number, IBAN number, credit card information, financial profile, asset data, and income information.

 

Professional Experience Information

Data that clearly relates to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of a data recording system, depending on the type of legal relationship the Company has established with the Data Subject; such as diploma information, courses attended, professional training information, certificates, candidate application forms, reference interview information, job interview information, and transcript information.

 

Marketing Knowledge

Data that clearly pertains to an identified or identifiable natural person, processed partially or fully automatically or non-automatically as part of a data recording system; this includes purchase history information, survey data, cookie records, and campaign data obtained and generated about the relevant person as a result of the Company's commercial activities and the operations carried out by its business units.

 

Family Members and Close Relatives Information

Information about the Data Subject's family members (e.g., spouse, mother, father, child), relatives, and other persons who can be contacted in case of emergency; which is clearly related to an identified or identifiable natural person; processed partially or wholly automatically or non-automatically as part of a data recording system; obtained within the scope of operations carried out by the Company's business units or in relation to the products and services it offers; or for the purpose of protecting the legal and other interests of the Company and the Data Subject.

 

Visual/Auditory Information

Data that clearly relates to an identified or identifiable natural person; including photographs and video recordings (excluding recordings falling under Physical Location Security Information), audio recordings, and copies of documents containing personal data.

 

Dress Code Information

Information that clearly relates to an identified or identifiable natural person; obtained partially or wholly automatically or non-automatically as part of a data recording system; photographs, job interview information, candidate application forms, and information relating to identifiable clothing and appearance.

 

Association/Foundation/

Clearly belonging to an identified or identifiable natural person;

Union Member Information

Photographs, job interview information, candidate application forms, and information relating to membership in identifiable associations, foundations, and/or trade unions, obtained partially or fully automatically or non-automatically as part of a data recording system.

Health Information

Personal data such as health reports, disability tax exemption certificates, insurance documents, and military service status certificates of the Personal Data Subject and/or their family members, which clearly belong to an identified or identifiable natural person; are processed partially or fully automatically or non-automatically as part of a data recording system; are obtained within the scope of operations carried out by the Company's business units; in relation to the products and services it offers; or to carry out the business processes of natural persons with whom the Company has a working relationship; or to protect the legal and other interests of the Company and the Personal Data Subject.

Information on Criminal Conviction and Security Measures

Data such as the criminal record of the Personal Data Subject, which clearly relates to an identified or identifiable natural person; is processed partially or wholly automatically or non-automatically as part of a data recording system; and is obtained within the scope of operations carried out by the Company's business units or for the purpose of conducting the business processes of natural persons with whom the Company has a working relationship, or protecting the legal and other interests of the Company and the Personal Data Subject.

 

Biometric Data

Data such as fingerprints and retina scans that clearly belong to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of a data recording system; and obtained and generated within the scope of operations carried out by the Company's business units.

 

Genetic Data

Genetic health data of the Personal Data Subject and/or their family members, which clearly relates to an identified or identifiable natural person; is processed partially or fully automatically or non-automatically as part of a data recording system; is obtained within the scope of operations carried out by the Company's business units; and is obtained for the purpose of carrying out the business processes of natural persons who have a working relationship with the Company.

 

Other Information

Data that clearly belongs to an identified or identifiable natural person; processed partially or wholly automatically or non-automatically as part of a data recording system; obtained within the scope of operations carried out by the Company's business units or in relation to the Company's activities, products and services offered, or for the purpose of carrying out the business processes of natural persons with whom the Company has a working relationship, or protecting the legal and other interests of the Company and the Personal Data Subject; such as information on social characteristics like veteran status, martyr's relative status, disability status, vehicle license plate information, data, IP address, caller and called number information, port range, service start and end time, type of service, amount of data transferred, number of users and subscriber identification information, and traffic information such as calls made through its infrastructure.,

 

 

The types of Personal Data of the Data Subjects specified in the Policy that are processed are indicated in the table below:

 

PERSONAL DATA CATEGORY

THE RELEVANT PERSONAL DATA TO WHICH IT IS RELATED

DATA OWNERS

 

Identity Information

Employee, Customer, Prospective Customer, Customer Representative, Job Applicants, Interns, Company Partner, Company Partner Representative, Company Officer, Visitor, Suppliers, Supplier Representative/Employees

 

Contact Information

Employee, Job Applicants, Interns, Customer, Prospective Customer, Customer Representative, Company Partner, Company Partner Representative, Company Officer, Visitor, Suppliers, Supplier Representative/Employees, Third Party

 

Location Data

Employee, Customer, Customer Representative, Interns, Company Partner, Company Partner Representative, Company Officer

 

Transaction Security Information

Employee, Intern, Customer, Customer Representative, Visitor

 

Family Members and Close Relatives Information

Employee, Intern

 

Physical Space Security Information

Employee, Intern, Visitor, Job Applicants, Company Partner, Company Partner Representative, Company Officer

 

Financial Information

Customer, Customer Representative, Employee, Interns, Suppliers, Supplier Representative/Employees

 

Visual/Auditory Information

Customer, Customer Representative, Employees, Interns, Suppliers, Supplier Representative/Employees

 

Personal Information

Employees, Interns,

 

Legal Transaction Information

Customer, Customer Representative, Employees, Interns, Company Partner, Company Partner Representative, Company Officer,

Suppliers, Supplier Representatives/Employees, Third Parties

 

Customer Transaction Information

Customer, Customer Representative

 

Risk Management Knowledge

Employee, Customer, Customer Representative, Job Applicants, Interns, Company Partner, Company Partner Representative, Company Officer, Visitor, Suppliers, Supplier Representative/Employees

Professional Experience Information

Employees, Job Applicants, Interns, Suppliers, Supplier Representatives/Employees

 

Marketing Information

Customer, Prospective Customer, Customer Representative,

 

Dress Code Information

Employees, Job Applicants, Interns

 

Association/Foundation/Union Member Information

Employees, Job Applicants, Interns

 

Health Information

Employees, Interns

 

Information on Criminal Conviction and Security Measures

 

Employee, Interns, Company Partner, Company Partner Representative, Company Officer

 

Biometric Data

Employees, Interns

 

Genetic Data

Employees, Interns

 

Social Characteristics Information

Customer

 

Vehicle license plate information

Suppliers, Supplier Representative/Employees

 

Traffic Data

Customer, Customer Representative, Third Parties

 

 

4.3 Purposes of Processing and Transferring Personal Data

Personal data is processed by the Data Controller in accordance with the law and the purpose of the Law.,

  •  Policies should be planned and implemented in the best possible way.,
  • Proper planning, execution, and management of business partnerships and strategies,
  • Ensuring the legal, commercial and physical security of himself and his business partners,
  • Ensuring the smooth functioning of the organization, planning and executing management and communication activities,
  • To ensure that Data Subjects benefit from our products and services in the best possible way, and to offer them customized solutions based on their requests, needs, and wishes.,
  • Ensuring the highest level of data security,
  • Creating databases,
  • Improving the services offered on the website and fixing errors that occur on the site,
  • To contact Data Subjects who submit requests and complaints, and to manage these requests and complaints.,
  • Event management,
  • Managing relationships with business partners or suppliers,
  • Managing personnel recruitment processes,
  • Execution/monitoring of financial reporting and risk management processes,
  • Execution/monitoring of company legal affairs,
  • Efforts to protect its reputation are being undertaken.,
  • Managing investor relations,
  • Providing information to authorized institutions as required by law,
  • Creating and tracking visitor records.

 

Personal data is processed within the scope of the personal data processing conditions specified in Articles 5 and 6 of the Law, limited to the purposes mentioned above. If the processing activity carried out for the aforementioned purposes does not meet any of the conditions stipulated in the Law, your explicit consent is obtained by the Company regarding the relevant processing process.

4.3.1. Persons to Whom Personal Data Will Be Transferred

 

Your personal data may be transferred to the following categories of individuals, governed by this Policy and in accordance with the law and the purpose of the Law, for the following purposes:

 

People to whom data can be transferred

Purpose of Data Transfer

 

Suppliers

Limited to ensuring the provision of services that our company procures from suppliers through outsourcing and that are necessary for carrying out our company's commercial activities, or to ensuring the fulfillment of the purposes of the business partnership established for the purpose of carrying out various projects or receiving services, either directly or together with Group Companies, while conducting the company's commercial activities.

Company Officials

In accordance with the relevant legislation, the company's business activities may be transferred only for the purposes of designing strategies, ensuring top-level management, and auditing.

Affiliate

The rights and responsibilities of the affiliated company, with which the Company has a partnership relationship, may be transferred in accordance with the provisions of the legislation, within the scope of the authority and responsibilities that the affiliated company possesses as a shareholder.

Authorized Public Institutions and Organizations

It can be transferred only for the purpose requested by the relevant public institutions and organizations within their legal authority.

Relevant Private Legal Entities

The data may be transferred only to the extent requested by the relevant private legal entities within their legal authority in accordance with the provisions of the legislation.

Occupational Health and Safety Specialist

The company's Occupational Health and Safety expert may transfer this data only for the purpose requested within their legal authority in accordance with the provisions of the legislation.

Internal Company Units

The company's data may be transferred for the purpose of carrying out its business processes and activities and fulfilling its obligations.