Policy on Processing and Protection of Employees' Personal Data
OF EMPLOYEES
POLICY OF PROCESSING AND PROTECTION OF PERSONAL DATA
1- INTRODUCTION
Law No. 6698 on the Protection of Personal Data (Law ") introduces important regulations regarding the protection of personal data and processing in accordance with the law. Protection of personal data, Bross Tekstil San. Ve Tic. A.Ş, Yako Tekstil San. Ve Foreign Trade Inc. and Innovatech Otomasyon Sistemleri San. Ve Tic. A.Ş (hereinafter referred to as the "Company") is among its most important priorities. The Company's having appropriate processes in the processing of personal data will significantly increase its ability to act in accordance with the law, and this will affect all related activities. The activities carried out by the Company regarding the protection of the personal data of the Company employees are managed within the framework of the principles set out in the Policy for the Protection and Processing of Personal Data of this Employees ("Policy").
2- PURPOSE OF THE POLICY
In this Policy, the rules to be followed when processing the personal data of the Employees are regulated. Therefore, the purpose of this policy is to determine how the personal data of Employees will be processed. Another purpose of this policy is to inform the Employees about the processing of their personal data.
3- SCOPE OF THE POLICY
This Policy covers the Employees and finds an application area regarding the personal data of the Employees that are processed automatically or non-automatically provided that they are part of any data recording system.
4- DEFINITIONS
Explicit Consent: Consent on a specific subject, based on information and declared with free will,
Anonymous Rendering: Making personal data unrelated to a certain or identifiable natural person under any circumstances, even by matching other data,
Personal Data: All kinds of information regarding an identified or identifiable natural person,
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, through fully or partially automatic means of personal data or non-automatic means provided that it is a part of any data recording system, All kinds of operations performed on data such as classification or prevention of use,
Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller,
Data Recording System: The recording system in which personal data are structured and processed according to certain criteria,
Data controller: refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Special Quality Personal Data: Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress code, association foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. data of special nature.
Company Authority: Member of the board of directors of the company and other authorized real persons.
Company Shareholder The shareholders of the company are real persons.
5- EFFECTIVENESS AND UPDATABILITY
This Policy may be updated from time to time in order to adapt to changing conditions and legislation. In case of an update, the updated Policy text will be published on our website at www.bross.com.tr and www.brossocks.com.tr.
6- THE METHOD OF DATA COLLECTION AND LEGAL REASON
Personal data of the employees are based on the above-mentioned purposes, in accordance with the basic principles stipulated in the Law and stipulated in the laws specified in Article 5 of the Law, the legal obligation of the data controller, the establishment of the contract, the execution of the contract, express consent in case of existence, and the legitimate interest of the data controller. It is collected by means of automatic or non-automatic means, directly verbally or in writing, through the conclusion of the employment contract.
7- PERSONAL DATA COLLECTED AND PROCESSED
The personal and private personal data of the employees processed by the company are as follows;
Identity Data: Name-Surname, TR identity number, gender, nationality, date of birth, mother's name, father's name, identity serial number, signature
For Old Identity Submission: Religious, blood type, marital status, place of birth, province, district and neighborhood where the wallet is registered, volume number, family order number, order number, place of issue, date of issue, reason for issue, registration number, previous surname
Contact Data: residence address,
Financial Data: Bank account number, IBAN number,
Special Qualified Personal Data: Criminal record, Blood type certificate, lung film report, tetanus vaccine information, hearing test information
Family Relative Information: Spouse's identity information, child's identity information, marriage certificate information
Visual and Audio Data: Security camera images at company locations, audio data obtained from cameras recording audio
Other: SGK service breakdown certificate, photo, vehicle license plate information in case of entering the company building by car, entry-exit times, military service certificate.
Professional Experience: Diploma information, in-service training, first aid certificate, employment certificate
7.1 General Principles in Processing Personal Data of Employees
Processing in accordance with the Law and the Rules of Good Faith
In the processing of personal data, the principles introduced by legal regulations and the general trust and honesty rule are followed. In this context, personal data are processed in proportion and limited to the purpose for which they are processed.
Ensuring that Personal Data is Accurate and Updated when Required
Periodic checks and updates are made to ensure that the processed data is accurate and up-to-date, taking into account the legitimate interests of the employees, and necessary measures are taken accordingly. In this context, systems for checking the accuracy of personal data and making the necessary corrections are established within the Company. The company takes the necessary measures to keep the personal data of the employees up-to-date. In this context, particular attention is paid to the following:
Employees' personal data (address, telephone, family / close information, etc.) that may change are determined.
Measures are taken to ensure that personal data that is likely to change can be easily seen electronically.
Personal data that is likely to change is not shared by anyone in the electronic environment; it is only seen by the relevant employee himself and other access authorities.
If the employees do not have the opportunity to view the personal data that may change, electronically; Necessary measures are taken to display these personal data in a physical environment.
It is ensured that employees keep their personal data that may change, up-to-date. In this context, active follow-up is carried out by human resources personnel regarding awareness studies.
Apart from the method described above, the Company takes the necessary measures to keep the processed personal data of the employees up to date, according to its own specific conditions.
Processing for Specific, Clear and Legitimate Purposes
Personal data are processed based on clear and precise data processing purposes. Personal data are processed only as much as necessary for these purposes. The purpose for which the data will be processed is revealed before the personal data processing activity begins.
Being Related, Limited and Measured for the Purpose of Processing
Personal data are processed in a way that is suitable for the realization of the determined purposes and the processing of personal data that is not related to the realization of the purpose or is not needed is avoided.
Retaining for the Period Stipulated by the Legislation or Required for the Purpose for which they are Processed
The company keeps personal data only for the period specified in the relevant legislation or for the purpose for which they are processed. In this context, first of all, it is determined whether a period is stipulated for the storage of personal data in the relevant legislation, if a period is determined, this period is treated in accordance with this period, and if a period is not determined, personal data are stored for the period required for the purpose for which they are processed. If there is no legal reason to allow them to be processed for a longer period of time, personal data are deleted, destroyed or anonymized in accordance with the policy principles implemented by our Company in this regard.
8- PURPOSE OF PROCESSING PERSONAL DATA
Personal data of employees are processed based on one or more of the personal data processing conditions specified in Article 5 of the Law, in accordance with the personal data processing principles specified in Article 4 of the Law. In all personal data processing activities carried out by the Company, it is acted in accordance with the obligations sought in all relevant legislation, especially the Law. The special quality personal data mentioned above are processed within the scope of the employees' explicit consent. Personal data of special quality with the personal and express consent of the employees; It is processed by the company in order to carry out our activities within the scope of employee-employer relationship, but not limited to the following issues:
Updating and confirming the accuracy of the information transmitted to us,
Ensuring that the obligations under the contractual relationship are duly fulfilled,
Planning and execution of corporate sustainability, corporate management, strategic planning and information security processes,
Creating the personal file,
Ensuring that payroll transactions are carried out,
In order to fulfill the requirements within the scope of Labor Law, Occupational Health and Safety Law, Social Security Law and related legislation, other laws and legislation; SSI notifications, İŞKUR notifications, police station notification, providing incentives and legal obligations, opening a compulsory private pension insurance account, checking employees' entry and exit records, and determining the match of camera recordings with door entry and exit records for R&D, incentives for R&D making calculations, paying the salary foreclosures of employees to enforcement files, making legal notifications of occupational accident, making occupational health and safety procedures, complying with other information storage, reporting and information obligations stipulated by legislation, relevant regulatory institutions and other authorities, Fulfilling court decisions
Ensuring that the obligations within the scope of the business relationship are duly fulfilled,
Follow-up of contractual processes and / or legal requests,
Fulfillment of obligations arising from employment contracts and / or legislation for company employees,
Planning and / or execution of business continuity activities,
Planning and execution of internal appointment-promotion and dismissal processes,
Planning and execution of internal and external training activities,
Management of relations with business partners and / or suppliers,
Planning and execution of the operational activities required to ensure that the company activities are carried out in accordance with the company procedures and / or the relevant legislation,
Planning and execution of human resources processes,
Planning and execution of company audit activities,
Giving information to the authorized institutions based on the legislation,
Planning and execution of employees' access to information,
Archiving employee information and / or processing it into the system,
Planning and monitoring the performance evaluation processes of employees,
Keeping records of those participating in organizations,
Compensation Management,
Providing products and / or services to employees in order to fulfill the obligations arising from the company's employment contract,
Recording the employees' documents collected during the job application and interview,
9- TERMS OF PROCESSING PERSONAL DATA
The explicit consent of the personal data owner is one of the legal bases that make it possible to process personal data in accordance with the law. Apart from express consent, personal data may also be processed in the presence of one of the other conditions listed below. The basis of the personal data processing activity can be only one of the conditions stated below, and more than one of these conditions can also be the basis of the same personal data processing activity. In case the processed data is personal data of special nature, besides the rules written here; Below, under this section, the conditions under the heading "Conditions where Special Quality Personal Data May be Processed" are applied.
9.1 Processing of Employee Candidates' Personal Data Based on Explicit Consent
Personal data of the employees are processed on the basis of explicit consent, in cases where it is not processed based on a different condition. Employee Candidates are informed about which personal data are processed, for what purposes and for what reasons their personal data are processed, from which sources their personal data is collected, with whom and how these personal data will be shared and their explicit consent is obtained in this way. Obtaining explicit consent is prepared specifically for each data collection source, taking into account the source from which personal data are collected.
9.2 Being Explicitly Stipulated in Laws
In cases where the processing of personal data is explicitly stipulated in the law, the Company processes personal data without the explicit consent of the employee to be processed.
9.3 Failure to Obtain Explicit Consent of the Relevant Person Due to Actual Impossibility
If it is mandatory to process the personal data of the Employee who is unable to disclose his consent due to actual impossibility or to protect the life or body integrity of the employee himself or another person whose consent cannot be validated, the data may be processed without the employee's explicit consent.
9.4 Being Directly Related to the Establishment or Execution of the Contract
Provided that it is directly related to the establishment or performance of a contract, the data may be processed if it is necessary to process the personal data of the parties to the contract.
9.5 Fulfilling the Company's Legal Obligation
If processing is mandatory to fulfill legal obligations as a data controller, the employee's data may be processed without express consent.
9.6 Employee Candidate's Making Personal Data Public
If the employee's personal data is made public by him, the data can be processed without the need for explicit consent.
9.7 When Data Processing is Mandatory for the Establishment or Protection of a Right
If data processing is mandatory for the establishment, use or protection of a right, the data may be processed without the employee's express consent.
9.8 Processing of Data Based on Legitimate Interest
If data processing is mandatory for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the employee, the data may be processed without the employee's express consent.
In the presence of at least one of these conditions, personal data processing can be carried out. Data processing activity can be carried out based on one or more of the conditions.
In cases where explicit consent is required, the explicit consent process is completed before the personal data is processed. Our company determines and implements the most useful method according to their specific conditions in informing the employees about the storage, use and sharing of their personal data.
10- TERMS OF PROCESSING SPECIAL QUALITY PERSONAL DATA
Some of the personal data can be stored separately as "special quality personal data" within the scope of the Law.
It is regulated and subject to special protection. Special quality personal data; Biometric and genetic data regarding race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, attire, association, foundation or union membership, health, sexual life, criminal conviction. The Company may process health data in the following cases, provided that adequate measures are taken by the Personal Data Protection Board in cases where the employee does not have the express consent of the employee:
Personal data of special nature other than the employee's health and sexual life, only in cases stipulated by the law,
Personal data of special quality related to the health and sexual life of the employee may be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing.
11- TRANSFER OF PERSONAL DATA TO THIRD PARTIES
Personal data and special quality personal data can be transferred to third parties by taking the necessary security measures in line with the processing purposes.
11.1 Transfer of Personal Data
Personal data can be transferred to third parties for data processing purposes if the data owner has explicit consent. If the employee does not have explicit consent, personal data can be transferred to third parties in case of the following situations:
If there is an explicit regulation in the laws that personal data will be transferred,
If it is necessary for the protection of the life or body integrity of the employee or someone else and the personal data owner is unable to explain his consent due to the actual impossibility or if his consent is not legally valid
If it is necessary to transfer personal data belonging to the parties of the contract, provided that it is directly related to the establishment or performance of a contract,
If personal data transfer is mandatory to fulfill a legal obligation of the Company,
If the personal data has been made public by the Employee,
If the transfer of personal data is mandatory for the establishment, use or protection of a right,
If the transfer of personal data is mandatory for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the employee.
11.2 Transfer of Special Quality Personal Data
Employees may transfer special personal data to third parties in the following cases:
If the employee has express consent or,
If the employee does not have express consent;
Special quality personal data other than the employee's health and sexual life (race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or trade union membership, criminal conviction and security measures. and biometric and genetic data), in cases stipulated by law,
Special quality personal data regarding the health and sexual life of the employee are only for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, and persons or authorized institutions and organizations under the obligation to keep confidentiality. can be transferred to be processed by.
11.3 Third Parties to whom Personal Data are Transferred and Transfer Purposes
Personal data and special quality personal data can be transferred to third parties by taking necessary security measures in line with the personal data processing conditions and purposes specified in Article 8 of the Law. Personal data; to legally authorized public institutions and private persons, consultants for purposes such as planning and implementing human resources policies in the best way, conducting personnel recruitment processes, carrying out studies to protect their reputation, and providing information to authorized institutions based on legislation
11.4 Transfer of Personal Data and Special Quality Personal Data Abroad
Personal data is not transferred abroad by our company.
12- STORAGE PERIOD OF PERSONAL DATA, DELETION, DESTRUCTION, ANONYMIZING
While determining the storage period of personal data, obligations brought by legal regulations are taken into consideration. Apart from legal regulations, the storage period is determined by taking into account the purposes of processing personal data. In the event that the purpose of data processing disappears, the data will be deleted, destroyed or anonymized unless there is another legal reason or basis that allows the data to be kept. The purpose of processing personal data has ended; If the retention periods determined by the relevant legislation and the Company have also come to an end; Personal data can only be stored in order to provide evidence in possible legal disputes or to assert the relevant right related to personal data or to establish a defense. In the establishment of the periods here, although the statute of limitations and statute of limitations have passed, the retention periods are determined based on the examples in the requests made to the Company on the same issues before. In this case, the stored personal data are not accessed for any other purpose, and access to the relevant personal data is provided only when it is required to be used in the relevant legal dispute. Here too, after the aforementioned period expires, personal data are deleted, destroyed or anonymized.
13- SECURITY OF PERSONAL DATA
In order to ensure the security of personal data, reasonable precautions are taken to prevent unauthorized access risks, accidental data loss, deletion of data or damage to data. All necessary technical and physical measures are taken in order to prevent access to personal data other than those authorized to access. In this context, especially the authorization system is designed in such a way that no one will be able to access more personal data than necessary. Stricter measures are taken compared to other personal data while ensuring the security of special personal data such as health data. Authorized persons are passed through the necessary security checks. In addition, these people are trained about their roles and responsibilities. Access records of personal data are kept to the extent that technical possibilities allow, and these records are reviewed at regular intervals. In case of unauthorized access, an investigation is initiated immediately. Company employees who process personal data comply with the following obligations in order to ensure the security of the processed data:
Acting in accordance with the law and honesty in matters related to the protection of personal data,
Processing personal data accurately, completely and completely,
Carrying out the necessary work to update personal data that has lost its current status,
Informing the relevant manager whenever he / she notices any illegality in the processing of personal data,
Making necessary directions for the use of legal rights regarding personal data.
14-LEGAL RIGHTS OF EMPLOYEES AND METHODS OF USING THESE
In this context, personal data owners;
Learning whether personal data is processed,
If their personal data has been processed, to request information regarding this,
Learning the purpose of processing personal data and whether they are used appropriately for their purpose,
To know the third parties to whom personal data are transferred domestically or abroad,
If personal data are processed incompletely or inaccurately, to request their correction and to notify third parties to whom personal data are transferred,
Although it has been processed in accordance with the provisions of Law No.6698 and other relevant laws, in the event that the reasons requiring its processing disappear, to request the deletion or destruction of personal data and to notify third parties to whom personal data have been transferred,
To object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
In case of damage due to unlawful processing of personal data, it has the right to demand the compensation of the damage.
Employees can submit their requests regarding the enumerated rights to the Company through the methods determined by the Board. In order to exercise these rights, the Company can be contacted by using the "Data Controller Application Form" on our websites and the methods specified in this form.
POLICY OF PROCESSING AND PROTECTION OF PERSONAL DATA
1- INTRODUCTION
Law No. 6698 on the Protection of Personal Data (Law ") introduces important regulations regarding the protection of personal data and processing in accordance with the law. Protection of personal data, Bross Tekstil San. Ve Tic. A.Ş, Yako Tekstil San. Ve Foreign Trade Inc. and Innovatech Otomasyon Sistemleri San. Ve Tic. A.Ş (hereinafter referred to as the "Company") is among its most important priorities. The Company's having appropriate processes in the processing of personal data will significantly increase its ability to act in accordance with the law, and this will affect all related activities. The activities carried out by the Company regarding the protection of the personal data of the Company employees are managed within the framework of the principles set out in the Policy for the Protection and Processing of Personal Data of this Employees ("Policy").
2- PURPOSE OF THE POLICY
In this Policy, the rules to be followed when processing the personal data of the Employees are regulated. Therefore, the purpose of this policy is to determine how the personal data of Employees will be processed. Another purpose of this policy is to inform the Employees about the processing of their personal data.
3- SCOPE OF THE POLICY
This Policy covers the Employees and finds an application area regarding the personal data of the Employees that are processed automatically or non-automatically provided that they are part of any data recording system.
4- DEFINITIONS
Explicit Consent: Consent on a specific subject, based on information and declared with free will,
Anonymous Rendering: Making personal data unrelated to a certain or identifiable natural person under any circumstances, even by matching other data,
Personal Data: All kinds of information regarding an identified or identifiable natural person,
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, through fully or partially automatic means of personal data or non-automatic means provided that it is a part of any data recording system, All kinds of operations performed on data such as classification or prevention of use,
Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller,
Data Recording System: The recording system in which personal data are structured and processed according to certain criteria,
Data controller: refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Special Quality Personal Data: Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress code, association foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. data of special nature.
Company Authority: Member of the board of directors of the company and other authorized real persons.
Company Shareholder The shareholders of the company are real persons.
5- EFFECTIVENESS AND UPDATABILITY
This Policy may be updated from time to time in order to adapt to changing conditions and legislation. In case of an update, the updated Policy text will be published on our website at www.bross.com.tr and www.brossocks.com.tr.
6- THE METHOD OF DATA COLLECTION AND LEGAL REASON
Personal data of the employees are based on the above-mentioned purposes, in accordance with the basic principles stipulated in the Law and stipulated in the laws specified in Article 5 of the Law, the legal obligation of the data controller, the establishment of the contract, the execution of the contract, express consent in case of existence, and the legitimate interest of the data controller. It is collected by means of automatic or non-automatic means, directly verbally or in writing, through the conclusion of the employment contract.
7- PERSONAL DATA COLLECTED AND PROCESSED
The personal and private personal data of the employees processed by the company are as follows;
Identity Data: Name-Surname, TR identity number, gender, nationality, date of birth, mother's name, father's name, identity serial number, signature
For Old Identity Submission: Religious, blood type, marital status, place of birth, province, district and neighborhood where the wallet is registered, volume number, family order number, order number, place of issue, date of issue, reason for issue, registration number, previous surname
Contact Data: residence address,
Financial Data: Bank account number, IBAN number,
Special Qualified Personal Data: Criminal record, Blood type certificate, lung film report, tetanus vaccine information, hearing test information
Family Relative Information: Spouse's identity information, child's identity information, marriage certificate information
Visual and Audio Data: Security camera images at company locations, audio data obtained from cameras recording audio
Other: SGK service breakdown certificate, photo, vehicle license plate information in case of entering the company building by car, entry-exit times, military service certificate.
Professional Experience: Diploma information, in-service training, first aid certificate, employment certificate
7.1 General Principles in Processing Personal Data of Employees
Processing in accordance with the Law and the Rules of Good Faith
In the processing of personal data, the principles introduced by legal regulations and the general trust and honesty rule are followed. In this context, personal data are processed in proportion and limited to the purpose for which they are processed.
Ensuring that Personal Data is Accurate and Updated when Required
Periodic checks and updates are made to ensure that the processed data is accurate and up-to-date, taking into account the legitimate interests of the employees, and necessary measures are taken accordingly. In this context, systems for checking the accuracy of personal data and making the necessary corrections are established within the Company. The company takes the necessary measures to keep the personal data of the employees up-to-date. In this context, particular attention is paid to the following:
Employees' personal data (address, telephone, family / close information, etc.) that may change are determined.
Measures are taken to ensure that personal data that is likely to change can be easily seen electronically.
Personal data that is likely to change is not shared by anyone in the electronic environment; it is only seen by the relevant employee himself and other access authorities.
If the employees do not have the opportunity to view the personal data that may change, electronically; Necessary measures are taken to display these personal data in a physical environment.
It is ensured that employees keep their personal data that may change, up-to-date. In this context, active follow-up is carried out by human resources personnel regarding awareness studies.
Apart from the method described above, the Company takes the necessary measures to keep the processed personal data of the employees up to date, according to its own specific conditions.
Processing for Specific, Clear and Legitimate Purposes
Personal data are processed based on clear and precise data processing purposes. Personal data are processed only as much as necessary for these purposes. The purpose for which the data will be processed is revealed before the personal data processing activity begins.
Being Related, Limited and Measured for the Purpose of Processing
Personal data are processed in a way that is suitable for the realization of the determined purposes and the processing of personal data that is not related to the realization of the purpose or is not needed is avoided.
Retaining for the Period Stipulated by the Legislation or Required for the Purpose for which they are Processed
The company keeps personal data only for the period specified in the relevant legislation or for the purpose for which they are processed. In this context, first of all, it is determined whether a period is stipulated for the storage of personal data in the relevant legislation, if a period is determined, this period is treated in accordance with this period, and if a period is not determined, personal data are stored for the period required for the purpose for which they are processed. If there is no legal reason to allow them to be processed for a longer period of time, personal data are deleted, destroyed or anonymized in accordance with the policy principles implemented by our Company in this regard.
8- PURPOSE OF PROCESSING PERSONAL DATA
Personal data of employees are processed based on one or more of the personal data processing conditions specified in Article 5 of the Law, in accordance with the personal data processing principles specified in Article 4 of the Law. In all personal data processing activities carried out by the Company, it is acted in accordance with the obligations sought in all relevant legislation, especially the Law. The special quality personal data mentioned above are processed within the scope of the employees' explicit consent. Personal data of special quality with the personal and express consent of the employees; It is processed by the company in order to carry out our activities within the scope of employee-employer relationship, but not limited to the following issues:
Updating and confirming the accuracy of the information transmitted to us,
Ensuring that the obligations under the contractual relationship are duly fulfilled,
Planning and execution of corporate sustainability, corporate management, strategic planning and information security processes,
Creating the personal file,
Ensuring that payroll transactions are carried out,
In order to fulfill the requirements within the scope of Labor Law, Occupational Health and Safety Law, Social Security Law and related legislation, other laws and legislation; SSI notifications, İŞKUR notifications, police station notification, providing incentives and legal obligations, opening a compulsory private pension insurance account, checking employees' entry and exit records, and determining the match of camera recordings with door entry and exit records for R&D, incentives for R&D making calculations, paying the salary foreclosures of employees to enforcement files, making legal notifications of occupational accident, making occupational health and safety procedures, complying with other information storage, reporting and information obligations stipulated by legislation, relevant regulatory institutions and other authorities, Fulfilling court decisions
Ensuring that the obligations within the scope of the business relationship are duly fulfilled,
Follow-up of contractual processes and / or legal requests,
Fulfillment of obligations arising from employment contracts and / or legislation for company employees,
Planning and / or execution of business continuity activities,
Planning and execution of internal appointment-promotion and dismissal processes,
Planning and execution of internal and external training activities,
Management of relations with business partners and / or suppliers,
Planning and execution of the operational activities required to ensure that the company activities are carried out in accordance with the company procedures and / or the relevant legislation,
Planning and execution of human resources processes,
Planning and execution of company audit activities,
Giving information to the authorized institutions based on the legislation,
Planning and execution of employees' access to information,
Archiving employee information and / or processing it into the system,
Planning and monitoring the performance evaluation processes of employees,
Keeping records of those participating in organizations,
Compensation Management,
Providing products and / or services to employees in order to fulfill the obligations arising from the company's employment contract,
Recording the employees' documents collected during the job application and interview,
9- TERMS OF PROCESSING PERSONAL DATA
The explicit consent of the personal data owner is one of the legal bases that make it possible to process personal data in accordance with the law. Apart from express consent, personal data may also be processed in the presence of one of the other conditions listed below. The basis of the personal data processing activity can be only one of the conditions stated below, and more than one of these conditions can also be the basis of the same personal data processing activity. In case the processed data is personal data of special nature, besides the rules written here; Below, under this section, the conditions under the heading "Conditions where Special Quality Personal Data May be Processed" are applied.
9.1 Processing of Employee Candidates' Personal Data Based on Explicit Consent
Personal data of the employees are processed on the basis of explicit consent, in cases where it is not processed based on a different condition. Employee Candidates are informed about which personal data are processed, for what purposes and for what reasons their personal data are processed, from which sources their personal data is collected, with whom and how these personal data will be shared and their explicit consent is obtained in this way. Obtaining explicit consent is prepared specifically for each data collection source, taking into account the source from which personal data are collected.
9.2 Being Explicitly Stipulated in Laws
In cases where the processing of personal data is explicitly stipulated in the law, the Company processes personal data without the explicit consent of the employee to be processed.
9.3 Failure to Obtain Explicit Consent of the Relevant Person Due to Actual Impossibility
If it is mandatory to process the personal data of the Employee who is unable to disclose his consent due to actual impossibility or to protect the life or body integrity of the employee himself or another person whose consent cannot be validated, the data may be processed without the employee's explicit consent.
9.4 Being Directly Related to the Establishment or Execution of the Contract
Provided that it is directly related to the establishment or performance of a contract, the data may be processed if it is necessary to process the personal data of the parties to the contract.
9.5 Fulfilling the Company's Legal Obligation
If processing is mandatory to fulfill legal obligations as a data controller, the employee's data may be processed without express consent.
9.6 Employee Candidate's Making Personal Data Public
If the employee's personal data is made public by him, the data can be processed without the need for explicit consent.
9.7 When Data Processing is Mandatory for the Establishment or Protection of a Right
If data processing is mandatory for the establishment, use or protection of a right, the data may be processed without the employee's express consent.
9.8 Processing of Data Based on Legitimate Interest
If data processing is mandatory for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the employee, the data may be processed without the employee's express consent.
In the presence of at least one of these conditions, personal data processing can be carried out. Data processing activity can be carried out based on one or more of the conditions.
In cases where explicit consent is required, the explicit consent process is completed before the personal data is processed. Our company determines and implements the most useful method according to their specific conditions in informing the employees about the storage, use and sharing of their personal data.
10- TERMS OF PROCESSING SPECIAL QUALITY PERSONAL DATA
Some of the personal data can be stored separately as "special quality personal data" within the scope of the Law.
It is regulated and subject to special protection. Special quality personal data; Biometric and genetic data regarding race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, attire, association, foundation or union membership, health, sexual life, criminal conviction. The Company may process health data in the following cases, provided that adequate measures are taken by the Personal Data Protection Board in cases where the employee does not have the express consent of the employee:
Personal data of special nature other than the employee's health and sexual life, only in cases stipulated by the law,
Personal data of special quality related to the health and sexual life of the employee may be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing.
11- TRANSFER OF PERSONAL DATA TO THIRD PARTIES
Personal data and special quality personal data can be transferred to third parties by taking the necessary security measures in line with the processing purposes.
11.1 Transfer of Personal Data
Personal data can be transferred to third parties for data processing purposes if the data owner has explicit consent. If the employee does not have explicit consent, personal data can be transferred to third parties in case of the following situations:
If there is an explicit regulation in the laws that personal data will be transferred,
If it is necessary for the protection of the life or body integrity of the employee or someone else and the personal data owner is unable to explain his consent due to the actual impossibility or if his consent is not legally valid
If it is necessary to transfer personal data belonging to the parties of the contract, provided that it is directly related to the establishment or performance of a contract,
If personal data transfer is mandatory to fulfill a legal obligation of the Company,
If the personal data has been made public by the Employee,
If the transfer of personal data is mandatory for the establishment, use or protection of a right,
If the transfer of personal data is mandatory for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the employee.
11.2 Transfer of Special Quality Personal Data
Employees may transfer special personal data to third parties in the following cases:
If the employee has express consent or,
If the employee does not have express consent;
Special quality personal data other than the employee's health and sexual life (race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or trade union membership, criminal conviction and security measures. and biometric and genetic data), in cases stipulated by law,
Special quality personal data regarding the health and sexual life of the employee are only for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, and persons or authorized institutions and organizations under the obligation to keep confidentiality. can be transferred to be processed by.
11.3 Third Parties to whom Personal Data are Transferred and Transfer Purposes
Personal data and special quality personal data can be transferred to third parties by taking necessary security measures in line with the personal data processing conditions and purposes specified in Article 8 of the Law. Personal data; to legally authorized public institutions and private persons, consultants for purposes such as planning and implementing human resources policies in the best way, conducting personnel recruitment processes, carrying out studies to protect their reputation, and providing information to authorized institutions based on legislation
11.4 Transfer of Personal Data and Special Quality Personal Data Abroad
Personal data is not transferred abroad by our company.
12- STORAGE PERIOD OF PERSONAL DATA, DELETION, DESTRUCTION, ANONYMIZING
While determining the storage period of personal data, obligations brought by legal regulations are taken into consideration. Apart from legal regulations, the storage period is determined by taking into account the purposes of processing personal data. In the event that the purpose of data processing disappears, the data will be deleted, destroyed or anonymized unless there is another legal reason or basis that allows the data to be kept. The purpose of processing personal data has ended; If the retention periods determined by the relevant legislation and the Company have also come to an end; Personal data can only be stored in order to provide evidence in possible legal disputes or to assert the relevant right related to personal data or to establish a defense. In the establishment of the periods here, although the statute of limitations and statute of limitations have passed, the retention periods are determined based on the examples in the requests made to the Company on the same issues before. In this case, the stored personal data are not accessed for any other purpose, and access to the relevant personal data is provided only when it is required to be used in the relevant legal dispute. Here too, after the aforementioned period expires, personal data are deleted, destroyed or anonymized.
13- SECURITY OF PERSONAL DATA
In order to ensure the security of personal data, reasonable precautions are taken to prevent unauthorized access risks, accidental data loss, deletion of data or damage to data. All necessary technical and physical measures are taken in order to prevent access to personal data other than those authorized to access. In this context, especially the authorization system is designed in such a way that no one will be able to access more personal data than necessary. Stricter measures are taken compared to other personal data while ensuring the security of special personal data such as health data. Authorized persons are passed through the necessary security checks. In addition, these people are trained about their roles and responsibilities. Access records of personal data are kept to the extent that technical possibilities allow, and these records are reviewed at regular intervals. In case of unauthorized access, an investigation is initiated immediately. Company employees who process personal data comply with the following obligations in order to ensure the security of the processed data:
Acting in accordance with the law and honesty in matters related to the protection of personal data,
Processing personal data accurately, completely and completely,
Carrying out the necessary work to update personal data that has lost its current status,
Informing the relevant manager whenever he / she notices any illegality in the processing of personal data,
Making necessary directions for the use of legal rights regarding personal data.
14-LEGAL RIGHTS OF EMPLOYEES AND METHODS OF USING THESE
In this context, personal data owners;
Learning whether personal data is processed,
If their personal data has been processed, to request information regarding this,
Learning the purpose of processing personal data and whether they are used appropriately for their purpose,
To know the third parties to whom personal data are transferred domestically or abroad,
If personal data are processed incompletely or inaccurately, to request their correction and to notify third parties to whom personal data are transferred,
Although it has been processed in accordance with the provisions of Law No.6698 and other relevant laws, in the event that the reasons requiring its processing disappear, to request the deletion or destruction of personal data and to notify third parties to whom personal data have been transferred,
To object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
In case of damage due to unlawful processing of personal data, it has the right to demand the compensation of the damage.
Employees can submit their requests regarding the enumerated rights to the Company through the methods determined by the Board. In order to exercise these rights, the Company can be contacted by using the "Data Controller Application Form" on our websites and the methods specified in this form.