This Policy of Protection and Processing of Personal Data (“Policy”) AKVATEK SU ÜRÜNLERİ TURİZM SAN. TİC. A.Ş (“Akvatek” or “Company”) and the principles adopted in the personal data processing activities and the basic principles adopted in terms of compliance of these processed data with the regulations in the Law on Protection of Personal Data (“Law”).
- SCOPE OF THE POLICY
It is very important for us that you fully trust the company and are satisfied with the services we provide. We have created this policy as part of our commitment to meeting your expectations. In this Policy, the commitments we have made to you are specified and how the Company will use your personal data.
Within the scope of the law, in the processing of personal data, the protection of fundamental rights and freedoms, especially the privacy of private life, and the obligations of natural and legal persons who process personal data, and the procedures and principles to be followed.
The purpose of this Policy, prepared in consideration of the said Law, is to ensure compliance with the regulations on the protection of personal data, to process the information obtained by the Company while performing its activities in accordance with the Law, without violating the privacy of private life, and to inform the personal data owners by determining the responsibilities.
- Explicit Consent: It means the consent that is based on information and declared with free will regarding a specific subject.
- Personal Data: All kinds of information relating to an identified or identifiable natural person. (For example, name – last name, the Republic of Turkey ID, email address, mailing address, date of birth, credit card numbers, bank account numbers, etc.) Li>
- Personal Data Owner: Means the natural person whose personal data is processed. Processing of information regarding legal persons is not covered by the Law.
- Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing personal data by fully or partially automatic means or non-automatic means provided that it is a part of any data recording system. is any process performed on data such as transferring, taking over, making it available, classifying or preventing its use.
- Special Quality Personal Data: Race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress code, association, foundation or union membership, health, sexual life, punishment means data on conviction and security measures, as well as biometric and genetic data.
- Data Controller: Means the natural or legal person who determines the purposes and means of processing personal data and is responsible for managing the place where the data is kept systematically (data recording system).
- GENERAL PRINCIPLES ON THE PROCESSING AND PROTECTION OF PERSONAL DATA
- Transparency: We will transmit all information to you while collecting and processing your personal data and inform you about the purpose and recipients of the data.
- Compliance with Laws: We will collect and process your personal data only for the processing purposes described in this Policy.
- Suitability and accuracy: We will only collect personal data required for data processing. No data processing activity is carried out with the assumption that it can be used later. We will take all necessary steps to ensure that the personal data we have is accurate and up to date.
- Storage: We will keep your personal data for the period stipulated in the relevant legislation or when they should be stored for processing purposes.
- Access, correction, objection: You can access your personal data and change, correct or delete them. You can object to the use of your personal data, especially if you do not want to receive sales and marketing information. In this context, information about the department to be contacted (Article 13) is given below in the “Access and Changes” section.
- Privacy and security: We will ensure that necessary technical and administrative measures are taken to protect your personal data against alteration or accidental or illegal loss or unauthorized use, disclosure or access.
- Sharing and international transfer: We may share your personal data with third parties (such as commercial partners and / or service providers) for the purposes specified in this Policy. We will take appropriate measures to ensure security when sharing or transmitting this information.
- WHICH PERSONAL DATA IS COLLECTED?
From time to time Akvatek Su Ürünleri Turizm San. Tic. A.Ş., we will need to request information from you and / or your family members. This information is under main headings:
- Contact information (eg surname, name, phone number, e-mail address)
- Personal information (such as date of birth, nationality, professional experience)
- Information about your family members (eg name, date of birth, age)
- Your closed circuit camera recordings
- Information collected about persons under the age of 18 is limited to name, nationality and date of birth, and this information can only be given to us by an adult. We ask you to make sure that your child does not send us personal data (especially over the Internet) without your consent. If such data is sent, you can contact the Data Privacy Department to delete the information (“Access and Change” article)
We do not collect personal information of special nature regarding race, ethnicity, political views, sect or other beliefs, union memberships, dress code.
- PROCESSING PURPOSES OF PERSONAL DATA
We collect your personal data for the following purposes:
- Conducting the relevant processes within the scope of user / supplier / subcontractor / customer contracts,
- Management of relations and business processes within the scope of contracts with contracted institutions and / or suppliers,
- Conducting processes related to employee candidates and establishing employment contracts,
- Conducting processes such as occupational health and safety, legal notifications for employees
- Planning and execution of the necessary audit activities to ensure that the activities are carried out in accordance with the Company procedures and relevant legislation,
- Execution and follow-up of legal affairs and transactions,
- Execution of internal control and audit processes,
- To meet the demands of the relevant persons,
- Planning and conducting corporate sustainability activities,
- Evaluation of customer demands and complaints,
- Conducting the processes within the scope of marketing activities,
- Managing the company’s operational activities, business relations and human resources processes,
- Realization of processes arising from company law,
- Ensuring that our products and services are presented to our customers in the most appropriate way,
- Giving information to authorized institutions and organizations based on obligations arising from the relevant legislation,
- Complying with legal obligations and legislation
- Creating and tracking visitor records
- THIRD PARTIES TO WHICH PERSONAL DATA IS TRANSFERED AND TRANSFER PURPOSES
The procedures and principles to be applied in personal data transfer are regulated in Articles 8 and 9 of the KVK Law. In order to fulfill the services offered by the Company, personal data are processed within the framework of the Law and other provisions and banks / financing companies, insurance companies, related consultancy and audit companies, real and legal persons with whom we have a proxy relationship, our business partners, shareholders and other third parties. can be shared with people. It is not possible to transfer personal data without the express consent of the personal data owner, except for the exceptional cases specified in the KVK Law.
We are required to share your personal data with internal and external recipients subject to the following conditions:
- In order to provide you with the best service, we may share your personal data within the Company and allow authorized personnel from within the Company to access your data, including:
- Company staff
- Information Technology departments
- Trade partners and marketing services
- Medical services if available
- Legal services, if any
- In general, any suitable person within the Company regarding certain categories of personal data.
- With service providers and partners: The company may send your personal data to the following third party in order to provide you with services and improve:
- External service providers: Information technology subcontractors, international call centers, banks, credit card companies, outside lawyers, distributors, printing houses.
- Suppliers: In order to provide the Company with the necessary services to carry out commercial activities, it can be delivered to suppliers in a limited way.
- Business partners: Unless you specify otherwise to the Data Privacy department, the Company may improve your profile by sharing some of your personal information with its preferred commercial partners. In this case, a trusted third party can cross-check and analyze your data and apply specific systems to your data. With this processing of the data, the Company and its privileged contract partners determine your interests, create your customer profile and send you personalized offers.
- Local authorities: We may be obliged to send your information to local authorities if required by law or as part of an investigation and in accordance with local regulations.
- PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS
We may transfer your personal data to internal and external recipients in countries that provide different levels of personal data protection for the purposes specified in Article 7 of this Policy.
Thus, in addition to the implementation of this policy, the Company, primarily in the Republic of Turkey, provided that the Constitution, laws and other relevant legislation into your personal data in accordance with corporate, business partners or a different level of privacy offered to a foreign buyer in the country that collect personal data can be transmitted safely takes appropriate measures to ensure
In this context, personal data and special quality personal data are transferred to the country or abroad by our Company based on the express consent of the personal data owner or within the scope of the purposes and conditions specified in the third paragraph of Article 6 of the Law and on the condition of taking adequate measures. .
- DATA SECURITY
The company pays utmost attention and care to the issue of ensuring data security, and in accordance with Article 12 of the Law, necessary measures are taken regarding the following issues to ensure data security.
- To prevent unlawful processing of personal data,
- To prevent unlawful access to personal data,
- Ensures that all necessary technical and administrative measures are taken to ensure the appropriate level of security in order to preserve personal data.
- The Company is jointly responsible with these persons for taking the precautions stated in the first article above, in case personal data are processed by another real or legal person on its behalf.
- Employees of the company are informed and trained on the law of protection of personal data and the processing of personal data in accordance with the law.
- Persons working within the Company and / or learning personal information due to their duties do not disclose such information to anyone in violation of the Law and other relevant legislation provisions and do not use it for purposes other than processing. This obligation continues even after they leave the job.
- Provisions are added to the contracts concluded by the company with the persons to whom personal data are legally transferred, stating that the persons to whom the personal data are transferred will take the necessary security measures to protect the personal data and ensure that these measures are complied with in their own organizations.
- The company takes the necessary technical and administrative measures according to the technological possibilities and implementation costs in order to keep personal data in secure environments and to prevent destruction, loss or change for illegal purposes.
- In case the processed personal data is obtained by others through illegal means, the subject matter is notified to the relevant person and the Personal Data Protection Board (“ KVKK “) as soon as possible. In addition, if deemed necessary by KVKK, this will be announced on the website of the KVKK or by any other method.
The company takes appropriate technical and organizational measures in accordance with applicable legal provisions to protect your personal data against unlawful or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. For this purpose, we have taken various technical (eg firewalls) and organizational measures (user ID / password system, physical protection methods, etc.).