OUR PURPOSE

ASLANLAR METAL ALM.P.V.C.PLS.IML.İTH.İHR.SAN. ve TİC.LTD.ŞTİ

It  is among our priorities to process the personal data of our employees, suppliers, customers and real persons with whom we have corporate relations in accordance with the "Personal Data Protection Law (KVKK)" numbered 6698 and the relevant legislation.

ASLANLAR METAL ALM.P.V.C.PLS.IML.İTH.İHR.SAN. and TİC.LTD.ŞTİ Company principles on this subject are based on the general approach of "Honesty and Respect" towards all parties that are among the values ​​of the organization and to which it has a relationship.

All necessary administrative and technical measures for the processing, protection, transfer and disposal of personal data we hold are gathered by our group, and the details are explained with this policy. Applications for data belonging to legal entities are not included in this policy.

ASLANLAR METAL ALM.P.V.C.PLS.IML.İTH.İHR.SAN. and TİC.LTD.ŞTİ senior management established these policies and our processes are periodically reviewed and updated when necessary.

As a company, we take care to ensure that this policy, which is open to the public, is understandable and easily accessible.

DEFINITIONS:

Personal Data: Any information specific to an identified or identifiable natural person.

Processing of personal data: All kinds of operations performed on data such as recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over or preventing the use of personal data in whole or in part.

Explicit consent: Consent about a specific subject, based on information and obtained with free will.

Anonymization of personal data: Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

Deletion of personal data: Making personal data inaccessible and unusable for the relevant users in any way.

Disposal of personal data: The process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.

Data controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Data processor: The organizational unit that uses and stores personal data for its purpose and is responsible for data management.

Periodic disposal: The deletion, disposal or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and disposal policy, in the event that the processing conditions for personal data are completely eliminated.

 

TITLE, DUTIES AND RESPONSIBILITIES OF THOSE INVOLVED IN PERSONAL DATA STORAGE AND DISPOSAL:

Responsibility of a Unit or a Manager:

Legal Department-Personal data retention and disposal policy, legal compliance officer, Ensuring compliance of processes with legislation and evaluation with legal aspect

Member of Personal Data Protection Committee - Establishment of company policies and rules, procedures in accordance with KVKK

Human Resources Managers Human Resources Department-Personal data storage and disposal officer, Preservation of personal data within the scope of the task in accordance with the retention periods and management of the disposal process in accordance with the rules

Information Technologies Management Information Technologies Department-Personal data storage and disposal officer, Preservation of personal data within the scope of the task in accordance with the retention periods and management of the disposal process in accordance with the rules

Financial Affairs Department Management Financial Affairs Department-Personal data storage and disposal officer, Preservation of personal data within the scope of the task in accordance with the retention periods and management of the disposal process in accordance with the rules

Marketing and Sales Management Marketing and Sales Department - Responsible for personal data storage and disposal, Storage of personal data within the scope of the task in accordance with the retention periods and management of the disposal process in accordance with the rules

Administrative Affairs Department Administrative Affairs Department-Personal data storage and disposal officer, Preservation of personal data within the scope of the task in accordance with the retention periods and management of the disposal process in accordance with the rules

PERSONAL DATA WE HAVE:

ASLANLAR METAL ALM.P.V.C.PLS.IML.İTH.İHR.SAN. and TİC.LTD.ŞTİ, the main personal data processed can be defined as follows.

ID information; Name/Surname, T.C. ID no., place/date of birth, marital status, gender, insurance number, etc.

Contact information; Address, Tel. no., E-Mail address,

Accounting information; Bank account no., IBAN no., financial status information (salary, etc.).

health information; Preventive medicine and required data.

Customer complaint information

Information on past work/life life included in the CV.

Personal savings documents; driver's license, certificate, training records.

The personal data we have and summarized above are formatted in an inventory.

OUR OBLIGATIONS:

Our obligation to explain:

While collecting personal data as a data controller we have an obligation to inform the person concerned about the purpose for which the data will be processed, to whom and for what purpose the processed data will be transferred, and will be deleted or destroyed after completing its function. We also train and inform our employees about the processing, storage, protection, deletion, disposal and transfer of personal data in accordance with the law and company rules.

 

Our obligation to ensure data security:

As we have stated before, necessary administrative and technical measures are taken by us to ensure the security of the data we hold. Accordingly, personal data; It is among our obligations to prevent the processing and access contrary to the law and company policy/rules, to ensure that it is stored and preserved under appropriate conditions, and to carry out the data disposal process in accordance with the law and company policy/rules. In case of violation of the rules, necessary legal and internal disciplinary rules are applied by us.

In case of cooperation with third parties for the processing of personal data Contracts with companies that process personal data include provisions regarding taking the necessary security measures.

To prevent illegal access to personal data; Human resources with technical expertise are used.

Physical and electronic access to personal data is restricted to authorized personnel. Authorization procedure is applied for access within the company. In Internal Audit processes, compliance with the procedures and rules related to the subject is controlled.

In case of unauthorized disclosure of personal data, the necessary system is established to inform the relevant person and the KVK Board.

 

PROCESSING PERSONAL DATA:

Our purposes for processing personal data;

To continue our corporate activities,

To ensure that our legal obligations are fulfilled as required or required by legal regulations,

To carry out our commercial activities with our customers, dealers and suppliers in the supply chain,

Evaluating job applications,

Providing compliance management,

Carrying out call center activities,

Providing corporate communication,

To present information about personalized, suitable job posting and employment,

To protect the rights of employees,

Sending a newsletter or making a notification by SMS and E-mail.

We process personal data for the purposes stated above, and we do not process unnecessary personal data.

It is the responsibility of the data processor to ensure that personal data is up to date. If necessary, the relevant department gets in touch with the data owner and provides data updates.

The data is deleted and destroyed at the end of the defined period as per the process.

 

PROCESSING OF PRIVATE DATA:

Special quality data is processed if there is express consent or when required by the legislation, and the details are given in the Security of Special Quality Personal Data policy.

 

PERSONAL DATA PROCESSING FOR HUMAN RESOURCES AND EMPLOYMENT PURPOSES:

The personal data contained in the documents like Curriculum vitae etc. shared during the application process as an employee candidate are processed, stored and transferred to the company management for the purpose of evaluating the job application in accordance with the purpose.

Personal data belonging to the employee are processed by the Human Resources department and are kept in closed and protected areas in personal information files.

 

WIRELESS CONNECTION DATA:

Data about duration, location, continuity, downloading or uploading content of a connection that an electronic device uses and/or has used to connect to any internet network are collected and processed compulsorily in order for the applications to be used. If the visitor does not allow this information, he cant log in.

CASES WHERE EXPRESS CONSENT IS NOT REQUIRED FOR THE PROCESSING OF PERSONAL DATA In CASES OF:

clearly stipulated in the law,

actual impossibility,

According to the contract,

Fulfillment of legal obligation,

Legally mandatory data processing,

to be publicized,

Data for our legitimate interests, provided that it does not harm fundamental rights and freedoms.

İn cases where processing is mandatory

Explicit consent is not sought.

 

SECURE TRANSFER OF PERSONAL DATA:

Within the scope of the relevant legislation personal data are transferred to be shared with group companies, representatives we have authorized (lawyers, institutions from which we receive consultancy and audit services, etc.) and our domestic and foreign business partners.

Except for the above-mentioned cases, no data are transferred to other persons without the consent of the person concerned.

In case of transfer abroad, the international protection situations defined by the KVK Board are taken into account.

In addition, technical and administrative measures necessary for the protection of data will be taken by us in this process.

E-mail is preferred for transferring personal data. The data to be sent is transferred with encrypted files (provided that the password and file information are in separate e-mails). Unless mandatory, data transfer is not made with portable memory. When necessary, this transfer is made in the presence of the responsible persons. Encryption applies within these data files. Sealed envelopes are used for the security of data to be transferred on paper. The data processor is responsible for taking the necessary measures in this regard.

 

STORAGE OF PERSONAL DATA:

Laws and regulations oblige to keep many related personal data for a certain period of time. Therefore, it is our institution's responsibility to keep such personal data in accordance with the legislation and for the required time. These retention periods are defined on the basis of data in the prepared inventory tables.

Personal data is retained for the period stipulated in the legislation or required by its purpose. Data is stored in physical (volume cabinets, archives) or electronic (server, cloud, etc.) media. Necessary security measures have been taken for the storage and preservation of data, and the environment has been provided by us. In this environment, care is taken not to lose the integrity of the data. Personal data whose storage period has expired are destroyed (deletion, disposal) in 6-month periods.

The necessary infrastructure and specific mechanisms are established.

 

DELETING, DESTROYING PERSONAL DATA:

 

• There is a change in the provisions of the legislation that forms the basis for the processing of personal data,

 

• Elimination of conditions that require the processing and storage of personal data,

 

• The concerned does not give consent or withdraws consent and this decision is approved by the data controller,

 

• The expiry of the maximum period that requires the storage of personal data,

 

• As a result of the application made to the KVK Board, the request for the disposal of data is approved by the board,

 

• In such cases, deletion, disposal and/or anonymization process is applied for personal data.

 

METHODS USED FOR DELETING AND DESTROYING PERSONAL DATA:

 

• The responsibility of securely deleting and destroying data stored as documents in physical media (in cabinets and/or archives) rests with the unit managers who process that data. Such documents are destroyed by cutting, burning, chopping with clipping machines or similar methods so that they cannot be recycled or read. Support can also be obtained from a specialist organization for the disposal of these data as defined.

 

• The reliable deletion and disposal of electronic media is the responsibility of the Information Technologies group. The data stored in the digital environment is deleted in a way that the relevant parties cannot access and is subject to disposal so that it cannot be reused. In the cloud system, the deletion of the relevant data is carried out by the same group.

 

• Transactions applied to data stored and destroyed in both physical and electronic media are recorded in specially prepared minutes by the data processor and Information Technologies group. The records of the deletion and disposal process made in 6-month periods are kept for 3 years unless otherwise stated by the same groups.

 

ANONIMIZATION OF PERSONAL DATA:

ASLANLAR METAL ALM.P.V.C.PLS.IML.İTH.İHR.SAN. and TİC.LTD.ŞTİ activities are not anonymized.

However, when it comes to the use of some personal data in response to requests made from outside the company for some statistical analysis and evaluation purposes, these data are anonymized in a way that they cannot be matched with the persons to which they belong (identity, position, etc. information is taken out) and can be used by transferring them outside the organization.

In this case, the responsibility is in the data processing department, and compliance with the rules is examined in internal audits.

 

RIGHTS OF THE DATA SUBJECT:

The data owner has the right;

To learn whether personal data is processed or not, to request information about it, if processed,

To learn the purpose of processing personal data and whether they are used in accordance with the purpose,

To learn the people to whom the data is transferred, in the country or abroad,

To request the deletion and disposal of personal data in case the reasons for the processing of personal data disappear,

To request correction or updating of personal data in case of incomplete, inaccurate or outdated data,

To demand the compensation of the damage in case of loss due to the unlawful processing of personal data.

 

COMMUNICATION AND USE OF RIGHTS:

In case of requests within the scope of the above articles, depending on the nature of the request, the request will be finalized as soon as possible and within thirty (30) days at the latest, free of charge, or according to the conditions in the fee schedule to be determined by the KVK/Pers.Data.Prot. Board.

Requests in this regard shall be sent to Hacı Sabancı Organized Industrial Zone Mevlana Cad. No:2 Sarıçam/ADANA as registered letter with return receipt; or to the e-mail address aslanlarmetal@aslanlarmetal.com; or fax number 0322 3944513.

Applications which are not based on a just cause, contain a request contrary to the relevant legislation, and are not in compliance with the application procedure, are rejected with justification.