1.1. Generally
Ensuring the confidentiality and security of personal data and compliance with relevant legal Deci-sions are among the most important priorities of Ahes Inşaat Ticaret ve Sanayi Anonim Şirketi (the ‘Company”) and utmost care is taken in this regard. In this context, the process and the intended purpose managed by this Personal Data Protection and Processing Policy (‘Policy’) and other written policies within the Company regarding the processing and protection of personal data; it is to inform our employees, employee candidates, visitors, guests and other third parties (‘Related Persons’) about the processing, storage and protection of their personal data in accordance with the law and to reflect our corporate culture.
In the preparation of this Policy, we consider the provisions contained in the relevant legal norms related to the protection and processing of personal data, in particular the regulations contained in the Constitution of the Republic of Turkey and the Personal Data Protection Law No. 6698 (‘KVKK’), as well as the decisions of the Personal Data Protection Board to be a guide for our Company.
In this Policy, explanations will be made regarding the basic principles adopted by our Company for the processing of personal data and the following::
1.2. The Purpose of the Policy
The main purpose of this Policy is to provide explanations about the personal data processing activities carried out by our Company in accordance with the law and the procedures adopted for the protection of personal data, and to ensure transparency by informing the Relevant Persons in this context. In addition, this PDP Policy and other written policies prepared aim to make our principle of compliance with the PDP and other relevant legal regulations related to personal data security sustainable.
1.3. Scope of the Policy
The scope of this policy is aimed at real persons whose personal data are processed by our Company automatically or performed by non-automatic means provided that they are part of any data recording system, and an Internal Directive on the Protection of Personal Data has been established within the scope of this Policy.
1.4. Implementation of the Policy and Related Legislation
This Policy has been organized by embodying it within the principles set forth by the relevant legislation. Our Company undertakes and accepts that if there is a discrepancy between the current legislation and this Policy, the applicable legislation will be applied Decently.
1.5. Effectiveness of the Policy
This policy enters into force upon approval by the board of directors of our Company, on the website (.................) are published and made available to the Relevant People in this way.
Explicit Consent
Consent related to a specific subject, based on information and explained by free will
Anonymization/Anonymization
Making personal data that cannot be associated with an identified or identifiable real person under any circumstances, even by matching it with other data
Employee
Company employees
Employee Candidate
Real persons who have applied for a job to our company by any means or submitted their resume and related information to the review of our Company
Related Person
The real person whose personal data is processed
Personal Data
All kinds of information about an identified or identifiable real person
Processing of Personal Data
All kinds of operations performed on the data such as obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, inheriting, making available, classifying or preventing the use of personal data by means that are fully or partially automatic or non-automatic, provided that they are part of any data recording system
Committee
Personal Data Protection Committee
Assembly
Personal Data Protection Board
Institution
Personal Data Protection Authority
KVK Policy
Personal Data Protection and Processing Policy
KVKK
Personal Data Protection Law No. 6698
Special Categories of Personal Data
Race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, disguise, association, foundation or trade union membership, health, sex life, criminal conviction and security measures related data, as well as biometric and genetic data
Periodic Destruction Process
In case all of the conditions for processing personal data contained in the Law disappear, the deletion, destruction or anonymization process to be performed on your own at recurring intervals specified in the personal December data retention and destruction policy
Politics
Potential Customer
Persons who have requested to use our Services or who have been evaluated in accordance with commercial practices and honesty rules to be found
Company
Ahes Construction Trade and Industry Joint Stock Company
Processing Data
The natural and legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller
Data Recording System
The registration system in which personal data is processed by structuring according to certain criteria, index
Data Controller
A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system
Application Form to the Data Controller
Relevant Persons, KVKK 11. the application form that they will use when applying for their rights contained in the article
Deleting Data
Making personal data inaccessible and unusable again in any way for the relevant users
Destroying Data
Making personal data inaccessible, irrevocable and reusable by no one in any way
3.1. Processing of Personal Data in Accordance with the Principles Stipulated in the Legislation
3.1.1. Processing in Accordance with the Rules of Law and Honesty
Our company has adopted the basic principle of being in compliance with the law and honesty rules in all kinds of transactions to be performed on personal data. In this context, by adopting the principle of transparency, it informs the relevant Persons about the purpose of using the collected personal data through this Policy and other texts.
3.1.2. Ensuring that Personal Data is Accurate and Up-to-Date When Necessary
Our Company has a system and process aimed at ensuring the accuracy and timeliness of the personal data it processes while carrying out the processing of personal data. In this context, the Relevant Persons may make it possible to keep their personal data accurate and up-to-date by applying to our Company.
3.1.3. Processing for Specific, Clear and Legitimate Purposes
Our Company clearly determines the purpose of personal data processing within legitimate and legally appropriate limits and provides it to the information of the Relevant Persons before the personal data processing activity has started yet through this Policy and other texts.
3.1.4. Being Limited and Restrained in Connection with the Purposes for which They are Processed
Our Company processes personal data in a manner that is related to and proportionate to the subject matter of the activity within the scope of the purposes necessary for the execution of the activity. In this context, while conducting data processing activities, it carefully avoids processing personal data that are not related to the realization of the purpose and are not needed at the moment / in the future.
3.1.5. To Keep them for the Period Stipulated in the Relevant Legislation or Necessary for the Purpose for which They are Processed
Our Company stores personal data only for the limited period specified in the relevant legislation or necessary for the purpose for which they are processed. In this context, firstly, it is determined whether a period has been determined in the relevant legislation for the storage of personal data, if a period has been determined, appropriate action is taken for this period, and if a specific period has not been determined, the period necessary for the purpose for which each personal data is processed is determined and stored for this period.
In this context, our Company prepares and implements the policy and directive for the deletion, destruction or anonymization of personal data.
3.2. 5 Of the KVKK of Personal Data. Processing in Accordance with the Personal Data Processing Conditions Specified in the Article and Limited to These Conditions
Our Company processes personal data only on the basis of the explicit consent of the Relevant Person or in cases specified in the KVKK that explicit consent will not be sought, without explicit consent, in a way that will be limited to these conditions and conditions.
3.2.1. Explicit Consent
Explicit consent is a statement that the Person Concerned makes with free will regarding a certain issue and based on information. KVKK m. In accordance with 5/1, our Company respects and complies with the explicit consent of the Relevant Person if necessary in the processing of personal data.
3.2.2. Cases where Explicit Consent is Not Sought
KVKK m. according to 5/2, it regulates the processing of personal data in some cases without the explicit consent of the Relevant Person. Since obtaining explicit consent from the relevant person in the presence of one of the specified conditions will be considered misleading to the Relevant Person, our Company does not apply for explicit consent in cases where data processing conditions exist.
3.3. Processing of Personal Data of a Special Nature
Our Company shows maximum sensitivity in the processes of processing and protection of personal data designated as “special quality” by the KVKK due to the risk of causing greater victimization or discrimination of persons when processed, and the accepted principles regarding special quality personal data are also discussed in this Policy.
Our Company may process personal data of a special nature in the following cases only if the explicit consent of the person concerned does not exist, provided that adequate measures to be determined by the Board are taken.
a) Personal data of a special nature other than the health and sexual life of the person concerned in the cases stipulated by the laws,
b) Private personal data related to the health and sexual life of the person concerned may, however, be processed by persons or authorized institutions and organizations under obligation to keep secrets for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and maintenance services, planning and management of health services and financing, without seeking the explicit consent of the person concerned.
Our Company has determined additional measures and processes regarding the processing of personal data of a October special nature and the access to this data. Within this framework, the environments where private personal data are stored are protected with secondary locks and secondary passwords, and are processed only by authorized persons within the framework of the authorization matrix.
3.4. Transfer of Personal Data
Personal data, in order to fulfill the purposes specified in this Policy, to supervisory organizations within the framework of audit activities, to our shareholders for reasons arising from audit and partnership rights in accordance with relevant legal regulations, to legally authorized public institutions and organizations, to our suppliers and business partners located at home and/or abroad, to natural persons who supply services or to third parties to whom services are provided
Personal data may be transferred within the framework of the processing conditions and purposes specified in articles 8 and 9 of the KVKK.
4.1. Technical and Administrative Measures Taken by Our Company regarding the Security of Personal Data
4.1.1. Technical Measures
The main technical measures taken by our company to ensure that personal data is processed in accordance with the law and to prevent unlawful access to personal data are as follows:
Within this framework, our Company is carrying out continuous and sustainable studies on the technical measures determined by the Board and listed below:
4.1.2. Administrative Measures
The main administrative measures taken by our company to ensure that personal data is processed in accordance with the law and to prevent unlawful access to personal data are as follows:
Within this framework, regarding the administrative measures determined by the Board and listed belowOur company is carrying out continuous and sustainable works:
4.2. Increasing the Awareness and Supervision of Our Employees in the Field of Personal Data Protection
Our company provides the necessary trainings and meetings to increase awareness of the illegal processing of personal data, to prevent illegal access to data and to ensure the safe storage of data.
In order to increase the awareness of existing employees within our company about the protection of personal data, we work with professional persons if necessary in this regard.
4.3. Protection of Personal Data of a Special Nature
The personal data determined as special quality by our Company with the KVKK and processed in accordance with the law are protected with sensitivity. In this context, the technical and administrative measures taken by our Company for the protection of personal data have been determined on the basis of the relevant legal regulation and the decision “Adequate Measures to be Taken by the Data Controllers in the Processing of Personal Data of a Special Nature” published by the Personal Data Protection Authority and are carefully applied in terms of the protection of personal data of a special nature.
4.4. The Process to be Followed in Case of Unauthorized Disclosure of Personal Data
our company will notify the relevant person and the Board within 72 hours if the personal data it processes are seized by others by illegal means.
If deemed necessary by the Board, this situation may be announced on the Board's website or by another method.
4.5. Personal Data Inventory
Each unit of our company creates an up-to-date personal data processing inventory. The unit manager is responsible for the accuracy, timeliness and submission of this inventory to the contact person if necessary. Keeping the inventories correct, implementing the current Company policy on the protection of personal data and current developments on the protection of personal data are always followed up.
5.1. Subject of Application
Our company attaches great importance and value to the rights of the Relevant Persons and provides opportunities and opportunities for them to exercise these rights. A “Data Controller Application Form” has been prepared and published on our website by our company, through which the relevant persons can easily submit their requests. However, it is not mandatory for Interested Persons to use this form. Every application made in accordance with the Communiqué on the Application Procedures and Principles to the Data Controller will be evaluated.
Everyone is related to themselves by applying to our Company;
a) To learn whether his/her personal data has been processed or not,
b) If your personal data has been processed, do not request information about it,
c) To learn the purpose of the processing of their personal data and whether they are used in accordance with their purpose,
ç) To know the third parties to whom their personal data are transferred at home or abroad,
d) To request the correction of your personal data in case of incomplete or incorrect processing of your personal data,
e) 7 OF the KVKK. requesting the deletion or destruction of personal data within the framework of the conditions stipulated in the article,
f) to request that the transactions carried out in accordance with subparagraphs (d) and (e) be notified to the third parties to whom the personal data are transferred,,
g) Objecting to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
ğ) Objecting to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
5.2. Application Method and Address
Application Method
The Address where the Application will be Made
Application Subject Title
Application by hand (If the applicant applies in person, a document confirming his identity must be available, and if an application is made by proxy, a notarized power of attorney must be available.)
“Information Request Within the Scope of the Personal Data Protection Law”will be written on the envelope.
Notification through a notary public
“Information Request Within the Scope of the Personal Data Protection Law” will be written on the notification envelope.
E-Mail via E-Signature/Mobile Signature
……………………
“Information Request Within the Scope of the Personal Data Protection Law”will be written in the subject section of the e-mail.
Application via registered Electronic Mail (PEP) address
“Information Request Within the Scope of the Personal Data Protection Law” will be written in the subject section of the e-mail.
E-mail address registered in our systems (Your e-mail address must have been matched with your ID in our systems before.)
5.3. The Post-Application Process
Applications submitted to us are answered within 30 (thirty) days at the latest from the date of receipt of the request to our Company, depending on the nature of the request. Our responses are sent to the Data Controller based on the notification form specified by the applicant in the Application Form.
Relevant Persons; 14 of the KVKK. if the application is rejected in accordance with the article, the answer given is insufficient or the application is not answered in time, the Company may file a complaint to the Board within thirty days from the date of receipt of the answer and in any case within sixty days from the date of application.
5.4. Application Fee
As a rule, applications are made free of charge. However, if the transaction requested by the relevant persons also requires a cost, the fee in the tariff determined by the Board will be charged by our Company.
Our company, KVKK 10. in accordance with the regulation in the article, it is to enlighten the relevant persons about the process of obtaining personal data through this Policy and the Clarification Text and other texts that are easily accessible on our website. In this context, our Company informs the relevant persons about the identity of the data controller, for what purpose the personal data will be processed, to whom and for what purpose the processed personal data may be transferred, the method and legal reason for collecting personal data, and other rights of the relevant person.
An Application Form has been created for a Data Controller in order for the relevant Person to be able to use the rights specified in the KVKK more easily and has been published on the website of our Company. The relevant section is described in detail in title 5.
7.1. Purposes of Processing of Personal Data
Our company, personal data 5 of the KVKK. and 6. it processes personal data limited to the purposes and conditions within the processing conditions specified in the article. These purposes and conditions;
7.2. Storage Periods of Personal Data
As a company, we store personal data for the period specified in this legislation, if it is stipulated in the relevant legislation. In addition, in determining the storage periods, our obligations arising from the relevant contracts, our responsibilities / obligations in administrative and legal terms are also taken into account.
The purpose of processing personal data has expired, and when the relevant legislation and the retention period determined by the company expire, these personal data are deleted and backed up only to serve as evidence in possible legal disputes or to assert the relevant right related to personal data. In this case, access to personal data is not provided for any other purpose. Personal data is destroyed or anonymized after the expiry of the periods specified in the Personal Data Storage and Destruction Policy of our Company.
The processed personal data and personal data inventories are reviewed in 6-month periods and the personal data that need to be deleted / destroyed are deleted /destroyed within these 6-month periodic destruction periods and the transaction is recorded.
8.1. Monitoring Activities with the Camera Carried Out at the Entrances of the Work Areas and Inside
By our company; In order to ensure the safety of the Related Persons and our Company, we provide services and carry out these services, security camera monitoring activities at the entrance and in the work areas, as well as personal data processing activities for the tracking of entrances / exits and overtime tracking are carried out. In this context, as a Company, we act in accordance with the KVKK and other relevant legislation.
8.1.1. Informing about the Monitoring Activity with the Camera
10 Of the KVKK by our company. in accordance with the article, the relevant persons are informed; thus, it is aimed to prevent damage to the fundamental rights and freedoms of the relevant persons and to ensure transparency. For camera monitoring activities, it provides lighting on the Company's website both with this Policy (online Policy) and with a notification letter that monitoring will be performed at the entrances of the areas where monitoring is performed (on-site lighting / layered lighting).
8.1.2. Limitation of the Purpose and Purpose of Carrying out the Monitoring Activity with the Camera
As a company, we process personal data in accordance with the KVKK in connection with the purposes for which they are processed, to a limited and measured extent. The purpose of continuing the monitoring activity with video camera recording by the Company is limited to the purposes listed in this Policy. In this direction, the monitoring areas of the security cameras, the number and when the monitoring will be carried out are sufficient to achieve the security purpose and are being applied on a limited basis for this purpose.
8.1.3. Ensuring the Security of the Data Obtained by Monitoring Activities with a Camera
All kinds of necessary technical and administrative measures are taken by the Company to ensure the security of the personal data obtained by camera recording. Detailed information is included in the Measures related to data security section.
8.1.4. Who Has Access to the Information Obtained as a Result of Monitoring and to Whom This Information is Transferred
The information obtained as a result of monitoring and the storage environment can only be accessed by authorized persons in this regard. On the other hand, live camera images can be watched by security guards who are company employees or who have received external services. A limited number of people who have access to the records declare that they will protect the confidentiality of the data they access with a confidentiality commitment.
8.2. Visitor Entry/Exit Tracking Carried Out at the Entrances and Inside the Working Areas
Personal data processing activities are carried out by the Company and the company from which external services are obtained for the purposes of ensuring security and tracking visitor entrances and exits in the Company's work areas for the purposes specified in this Policy.
While the names and surnames of the people who come to our work areas as visitors are obtained, the relevant people are illuminated through the texts posted in the relevant areas or made available to the guests in other ways. The data obtained for the purpose of visitor entry and exit tracking are processed only for this purpose and the relevant personal data are recorded in the data recording system in physical and/or electronic environment.
8.3. Recording of Information about Electronic Devices at the Entrances to Work Areas
As a company, in connection with the care and sensitivity we pay to information security and personal data protection, we record the MAC addresses of computers or similar electronic devices when our guests use their own personal computers or similar electronic devices. The reason for this is to ensure the security of our company and the people whose personal data are included in our company.
9. REVIEW
This policy enters into force upon approval by the Company's board of directors. Regarding the changes to be made in the policy, the approval of the person / persons to be authorized by the board of directors is obtained. The issues related to the implementation of this policy within the Company have been systematized by the internal policy, procedures and internal guidelines. The policy is reviewed every 6 months and revisions are made with the approval of the authorized person, if necessary.
10. PERSONAL DATA PROTECTION COMMITTEE
The company has appointed a contact person within the framework of the personal data protection law. Among the employees of the company units Dec .......... a personal Committee has been formed. The Personal Data Protection Committee (“Committee”) is chaired by the Company contact person.
The contact person acts with the opinions and recommendations of the Committee on administrative and technical measures. The principles determined by the Committee regarding administrative and technical measures are taken into account. The Committee makes the necessary efforts to ensure that the Company complies with the legislation on the protection of personal data. The contact person supervises the Company units that he/she is responsible for within the scope of the personal data protection law. As a result of these audits, it alerts the relevant units if necessary and informs the top management about the situation.
The contact person provides coordination on responding to the related person applications made to the Company within the legal deadlines and in accordance with the procedure. The contact person manages the Company's relations with the Personal Data Protection Authority.
11. ENACTMENT
This Policy enters into force from the date of acceptance and announcement by the company's board of directors / authorized bodies.
Size daha iyi bir site deneyimi sunabilmek için çerezler kullanıyoruz. Detaylı bilgi için çerez politikamızı ve kişisel verilerin korunması hakkında açıklama metnini inceleyebilirsiniz.