Home Corporate PDPL POLICY
#BECAUSEWECARE

PDPL POLICY
  1. CHAPTER: INTRODUCTION

 

  1. IMPORTANCE OF PROTECTION OF PERSONAL DATA

The protection of personal data is a constitutional right and is within the scope of our Company's priorities. As a matter of fact, it is aimed to establish a system which is constantly updated in our Company and this policy has been established. Within the scope of the Personal Data Protection Law No. 6698, this Policy is made in order to fulfill the general disclosure obligation of HAUS Centrifuge Tech. (Company) as Data Responsible and to determine the basic principles of our Company's personal data processing rules and in this context, the protection of the personal data of our customers, potential customers, employees, employee candidates, trainees and students, supplier / subcontractor employees and authorities, company shareholders and company partners, visitors and other data we process.

To implement the issues specified in this Policy, necessary procedures are organized within the Company enlightening texts are created compatible with Personal Data Processing Inventory specific to person categories, personal data protection and confidentiality agreements are made with Company employees and third parties that have access to personal data, job descriptions are revised, for the protection of personal data, administrative and technical measures are taken by HAUS Centrifuge Tech. and in this context, necessary evaluations performed or being performed. The protection of personal data is also under the responsibility of the top management, and the protection of personal data is managed through the establishment of a special Committee (the Company's PDP Committee).

  • THE PURPOSE OF POLICY

The main purpose of this Policy is to establish the principles of personal data processing and protection of personal data, which are carried out by HAUS Centrifuge Tech. in accordance with the law, and to ensure transparency by informing and informing the persons whose personal data is processed by our company.

  • SCOPE

This Policy relates to all personal data of individuals categorized under the titles of “our customers, potential customers, employees, employee candidates, trainees and students, supplier / subcontractor employees and officials, company shareholders and company partners, visitors, parents / guardian / representative and other third parties” that we process in an automated or non-automated manner provided that they are part of any data recording system.

  1. IMPLEMENTATION OF POLICY AND RELATED LEGISLATION

The relevant legal regulations in force regarding the processing and protection of personal data will primarily be applied. In case of any inconsistency between the current legislation and the Policy, our Company accepts that the current legislation will find its application.

  1. ACCESS AND UPDATE

Policy is published on our Company's website www.haus.com.tr and made available to the relevant persons upon request of the personal data owners and updated as necessary.

  1. CHAPTER: PROCESSING PERSONAL DATA

Our Company, in the processing of personal data, conducts personal data processing proper with the law and the rules of honesty, accurate and up to date when necessary; for specific, clear and legitimate purposes; in a limited and measured manner, in accordance with Article 20 of the Constitution and Article 4 of the PDP Law. Our Company stores personal data for the period required by law or for the purpose of personal data processing.

Our Company processes personal data in accordance with Articles 20 of the Constitution and 5 of the PDP Law and based on one or more of the provisions of Article 5 of the PDP Law on the processing of personal data.

Pursuant to Article 419 of the Code of Obligations, our Company processes the personal data of employees and prospective employees based on their tendency to work and the performance of the employment contract reserving PDP Law No.6698.

Our Company enlightens personal data owners in accordance with Articles 20 and 10 of the PDP Law and provides the necessary information if personal data owners request information and apply to use their rights arising from the law and responds to the applications within the legal period.

Our company acts in accordance with the regulations envisaged for the processing of private personal data in accordance with Article 6 of the PDP Law.

Our Company complies with the rules stipulated in the Law on the transfer of personal data in accordance with Articles 8 and 9 of the PDP Law and performs the application by taking into consideration the decisions taken and published by the PDP Board and the safe country lists.

  • PROCESSING PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES AND RULES PROVIDED IN THE LEGISLATION
  1. Principles of Processing of Personal Data
  1. Processing in Accordance with Law and Honesty Rule

Our company; acts in accordance with the principles brought by legal regulations and honesty in the processing of personal data. In this context, our Company identifies legal grounds that will require the processing of personal data, takes into account the requirements of proportionality, does not use personal data outside of the intended purpose and does not perform any processing without the knowledge of the persons.

  1. Ensuring That Personal Data Is Accurate and Up to Date When Necessary

Our company; considering the fundamental rights of the personal data owners and their legitimate interests, it ensures that the personal data it processes are accurate and up-to-date and takes necessary measures in this direction. In this context, data on all categories of people are kept up to date. In particular, customer and potential customer data are carefully updated and e-mails and offers are not sent to individuals for marketing and promotional purposes contrary to their consent.

  1. Processing for Specific, Clear and Legitimate Purposes

Our company clearly and accurately determines the purpose of processing legitimate and lawful personal data. Our company processes personal data in connection with the service it provides and processes it as necessary. The purpose of the processing of personal data is determined by our company before the processing activity and is also recorded in the “Personal Data Inventory”.

  1. Being Affiliated, Limited and Restrained on The Purpose of Processing

Our Company processes the use of personal data in an appropriate manner and avoids the processing of personal use that is not or is not required to achieve the purpose. In this context, processes are constantly reviewed and the principle of minimalization of personal data is tried to be implemented.

  1. Retention Time Required By The Relevant Legislation or For The Purpose For Which It Was Processed

Our Company maintains personal data only for the period required for the purpose specified in the relevant legislation or processed. In this context, our Company first determines whether a period is stipulated in the relevant legislation for the storage of personal data, if a period is determined, acts in accordance with this period, takes into account the statutory limitation periods and stores the personal data for the time required for the purpose for which they were processed. If the reasons for expiration or elimination of personal data are eliminated, personal data is deleted, destroyed or anonymized in accordance with our Company's “Storage and Deletion of Personal Data” policy.

  1. Rules for the Processing of General Personal Data

Protection of personal data is a constitutional right, and fundamental rights and freedoms may be restricted only by law, without being touched by the substance of the Constitution, solely for the reasons specified in the relevant articles of the Constitution. Pursuant to the third paragraph of Article 20 of the Constitution, personal data may be processed only in cases provided for by law or with the express consent of the person. In the processing of personal data, our company only processes personal data without the express consent of the person concerned if there are any of the following conditions;

  1. Explicitly stated in the law,
  2. It is to be compulsory for the protection of the life or body integrity of the person who is unable to disclose his consent due to the impossibility of the person or whose consent is not granted legal validity,
  3. If the processing of personal data of the parties to the contract is required, provided that it is directly related to the establishment or performance of a contract,

Ç) Obligation for the data responsible to fulfill his legal obligation,

  1. Publication by the person concerned,
  2. Data processing is mandatory for the establishment, use or protection of a right,
  3. If data is compulsory for the legitimate interests of the data responsible, provided that they do not harm the fundamental rights and freedoms of the person concerned

In the absence of the above conditions, our Company uses the consent of the person concerned based on open, free will and information. Especially in the field of Human Resources and labor relations, taking into consideration the dependency relationship of the employee, the data is primarily based on the reasons for compliance with the law which is not consented, but in the absence of such reasons, explicit consent is applied. On the other hand, processing activities are carried out based on the consent of the person concerned in activities such as marketing. However, in all cases where personal data is processed, people are always “enlightened” and data processing is carried out.

  1. Rules for the Processing of Private Personal Data

The Company complies with the regulations stipulated in the PDP Law for the processing of personal data designated as “private category by the PDP Law. In Article 6 of the PDP Law, several personal data that are at risk of causing exploitation or discrimination of persons when processed unlawfully are identified as “private category” and attention and sensitivity should be paid to the processing of such data. These include data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, disguise and dress, association, foundation or union membership, health, sexual life, criminal convictions, and security measures, and biometric and genetic data. Pursuant to the KVK Law, personal data are processed by our Company in the following cases provided that the necessary precautions are taken:

ü Personal data, other than the health and sexual life of the personal data owner, are based on the circumstances provided for by law or if the personal data owner has explicit consent,

üPersonal data relating to the health and sexual life of the personal data owner may only be used by persons or authorized institutions who are under the obligation of secrecy for the purpose of protection of public are processed by organizations or with the express consent of the personal data owner.

ü Regardless of the reason, the general data processing principles are always considered in the processing processes and compliance with these principles is ensured. (Art. 4 of the KVK Law; see Chapter 2 above, I, 1.

As regards the protection of private data, the “Protection of Private Data Policy” has been put into effect in our company, and our business units act in accordance with the provisions of this policy and take the necessary measures.

  1. Enlightening and Informing Related Persons Whose Data Processed

In accordance with Article 10 of the PDP Law, our Company informs the owners of personal data during the acquisition of personal data. In this context, the purpose of the processing personal data of the relevant person, the processed personal data can be transferred to whom and for what purpose, the method of collecting personal data and legal reasons and the rights of the person whose personal data is processed are explained and The relevant units of our Company fulfill the required procedures in accordance with our Company's “Enlightening Principles Policy”. Again, in Article 11 of the PDP Law, “Requesting Information” is listed among the rights of the person whose personal data is processed and in accordance with Articles 20 of the Constitution and Article 11 of the PDP Law, our Company provides the necessary information if the person whose personal data is processed requests information and in this respect, the Company performs transactions in accordance with the "Concerned Person Application Procedure".

  • PERSONAL DATA TRANSFER

Our company can transfer the personal data of the person whose personal data is processed to the third parties by taking necessary security measures in accordance with the legal data processing purposes. In this respect, our company acts in accordance with the regulations stipulated in article 8 of the PDP Law.

  1. Principles of Transferring Personal Data

For legitimate and lawful personal data processing purposes, our Company may transfer personal data to third parties based on one or more of the personal data processing conditions set out in Article 5 of the Law following:

If the person whose personal data is processed has explicit consent, based upon this; or

  • If there is a clear regulation in the law that personal data will be transferred,
  • If it is compulsory for the protection of the life or body integrity of the personal data owner or someone else, if the personal data owner is unable to disclose his consent due to actual impossibility or his/her consent is not granted legal validity;

 

  • If it is necessary to transfer personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
  • If personal data transfer is mandatory for our company to fulfill its legal obligation,
  • If the personal data are publicized by the person concerned,
  • If personal data transfer is compulsory for the establishment, use or protection of a right,
  • If personal data transfer is compulsory for the legitimate interests of our Company if it is necessary to transfer personal data provided that it does not harm the fundamental rights and freedoms of the person concerned, personal data could be transferred.

Regardless of the reason, the general principles of data processing are always considered in the transfer processes and compliance with these principles is ensured. (Article 4 of the PDP Law; see Chapter 2 above, I, 1).

  1. Transfer of Private Personal Data

Our company is able to transfer the personal data of the person concerned whose private personal data is processed to third parties for legitimate and lawful personal data processing purposes in the following cases with due diligence, taking necessary security measures, Taking adequate measures foreseen by the PDP Board.

  • if the person has explicit consent, based upon this or
  • if the person has no explicit consent;
    • In cases prescribed by law, private personal data related to person other than personal health and sexual life (data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, disguise and dress, association, foundation or union membership, criminal convictions, security measures, and biometric and genetic data),
    • Personal data relating to the health and sexual life of the person concerned may be processed by persons under the obligation of keeping secrets or authorized institutions and organizations for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing.

Regardless of the reason, the general principles of data processing are always considered in the transfer processes and compliance with these principles is ensured. (Article 4 of the KVK Law; see Chapter 2 above, I, 1).

  1. Transferring Personal Data Abroad

Our company is able to transfer the personal data and private personal data it processes to third parties by taking the necessary security measures in accordance with the legal personal data processing purposes. Personal data  could be transferred by our company to foreign countries (Foreign Country with Adequate Protection ”) that have been declared by PDP Board to be sufficient in having protection  or in case of the lack of adequate protection if an adequate protection committed in writing by data responsible  in Turkey and in the foreign countries (Foreign Country in which the Data Responsible is Committed to Adequate Protection ”) where had the PDP Board's permission.

For the purposes of legitimate and lawful personal data processing, if the person whose personal data is processed has explicit consent or does not have explicit consent, our Company may transfer the personal data to the Foreign Countries where has the Adequate Protection or the Data Responsible Committed to Sufficient Protection in the presence of one of the following situations:

  • If there is a clear regulation in the law that personal data will be transferred,
  • If it is compulsory for the protection of the life or body integrity of the personal data owner or someone else, if the personal data owner is unable to disclose his consent due to actual impossibility or his/her consent is not granted legal validity;
  • If it is necessary to transfer personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
  • If personal data transfer is mandatory for our company to fulfill its legal obligation,
  • If the personal data are publicized by the person concerned,
  • If personal data transfer is compulsory for the establishment, use or protection of a right,
  • If personal data transfer is compulsory for the legitimate interests of our Company if it is necessary to transfer personal data provided that it does not harm the fundamental rights and freedoms of the person concerned.
  1. Purposes of Transferring Personal Data by Our Company and Person Whose Data Transferred Categories
  1. Data Transfer Objectives

Data transfer is carried out for the purposes such as ensuring the fulfillment of the objectives of our company's activities and organizations, ensuring that the services provided by our Company from the supplier outsourced and necessary for carrying out the commercial activities of our Company are provided to our Company, ensuring the execution of human resources and employment policies of our company, ensuring the fulfillment of the obligations and the necessary measures to be taken within the framework of occupational health and safety of our company.

  1. The Persons to Whom Data Transferred

In accordance with Articles 8 and 9 of the PDP Law, personal data can be transferred to the following categories of persons:

AUTHORIZED PUBLIC INSTITUTIONS

Public institutions and organizations authorized to receive information and documents from our company

Data is shared according to the relevant legislation.

 

AUTHORIZED PRIVATE LAW PERSON

Private law persons authorized to receive information and documents from our company

There is limited data sharing for the purpose requested by the relevant private law persons within the legal authority.

 

SUBSIDIARIES

Companies in which our company is a shareholder

Data sharing is limited in order to ensure the conduct of commercial activities of our Company which require the participation of subsidiaries.

 

SHAREHOLDER

Shareholders of the Company

Data sharing is limited for the purpose of designing strategies for the commercial activities of our Company and for evaluation purposes.

 

BUSSINESS PARTNERS

The parties that the Company establishes business partnerships for the purposes of sales, promotion and marketing of our company's products and services, after-sales support, and the execution of joint customer loyalty programs while conducting commercial activities of our company.

Data sharing is limited in order to ensure that the business partnership aims to be established.

 

SUPPLIER

Our company's commercial activities

Data sharing is limited in order to provide the necessary services for the Company to carry out its commercial activities provided by outsourcing of the Company from the supplier.

 
 
 
 
 
 
 
 
 
 
 

GROUP COMPANIES UNDER OUR SUBSIDIARY

Inside Our Company's subsidiary or group

In order to conduct commercial activities of our company, data is shared with our subsidiary in a limited and measured manner.
Personal data is shared due to the operational processes and support processes carried out together, and data is shared with other group companies in a limited and limited manner in order to conduct commercial activities of our Company.

 
 
 
 
 
 
 
 

Transactions made by our Company are in compliance with the principles and rules set forth in this Policy.

  • PERSONAL DATA CATEGORIES

Persons whose data are processed in our company and the data processed within this scope are categorized as follows;

PERSON CATEGORIZATION

EMPLOYEE CANDIDATE

Real persons who have applied for a job in any way or have opened their CV and relevant information for review.

EMPLOYEE

Real persons working in our company

SHAREHOLDERS / PARTNERS

Real persons who are shareholders and partners of our company

POTENTIAL CUSTOMER

Natural persons who have requested or are interested in the use of our products and services or have been assessed in accordance with the rules of commercial custom and honesty to which they may have interest

INTERN /STUDENT

Persons who do internships in our company and who work under the Law on Vocational Training of Employees (VTEL)

SUPPLIER EMPLOYEES

Real persons who work in organizations (such as, but not limited to, business partners, suppliers) with which our Company has business relations

SUPPLIER AUTHORIZATION

Real persons in Our company's business relationship with the institutions' shareholders and officials

CLIENT

Real persons who use or have used the products and services offered by our Company, regardless of whether they have any contractual relationship with our Company

CUSTODIAN / GUARDIAN / REPRESENTATIVE

Real persons whose personal data are processed as custodians, guardians or representatives.

VISITOR

Real persons who have entered the physical campus of our Company for various purposes or who have visited our websites

MISCELLANIOUS

Third party real persons (eg family members and relatives) associated with the Company in order to ensure the security of commercial transactions with the above-mentioned parties or to protect the rights and interests of such persons.

DATA CATEGORIZATION

The ID INFO which is processed partially or fully automated or non-automated processing as part of the data recording system and obvious that it belongs to an identified or identifiable real person; Information on documents such as driver's license, identity card, residence, passport, attorney ID, marriage certificate

The COMMUNICATION INFO which is processed partially or fully automated or non-automated processing as part of the data recording system and obvious that it belongs to an identified or identifiable real person; phone number, address, e-mail

LOCATION INFO

The INFO which is processed partially or fully automated or non-automated processing as part of the data recording system and obvious that it belongs to an identified or identifiable real person; such an information that identifies the location of the employee's use of our products and services, or the location of employees of organizations with whom we collaborate with our employees while using our Company's vehicles

PERSONNEL FILE

The INFO which is processed partially or fully automated or non-automated processing as part of the data recording system and obvious that it belongs to an identified or identifiable real person; such any personal data that is processed to obtain information that will constitute the basis for the personal rights of our employees or real persons in working relationship with our Company.

LEGAL PROCESS AND COMPLIANCE INFORMATION

The INFO which is processed partially or fully automated or non-automated processing as part of the data recording system and obvious that it belongs to an identified or identifiable real person; such personal data processed within the scope of determination, follow-up of our legal receivables and rights and performance of our debts and compliance with our legal obligations and policies of our company

CUSTOMER TRANSACTION INFORMATION

It is evident that the identity belongs to a certain or identifiable real person and is contained within the data recording system; such information on the use of our products and services, as well as instructions and requests required by the customer for the use of the products and services

PHYSICAL SPACE SAFETY INFORMATION

It is evident that the identity belongs to a certain or identifiable real person and is contained within the data recording system; such personal data on records and documents received during entry into the physical space, during the stay in the physical space

OPERATIONAL SAFETY INFORMATION

It is evident that the identity belongs to a certain or identifiable real person and is contained within the data recording system; such personal data processed to ensure technical, administrative, legal and commercial security while conducting activities.

RISK MANAGEMENT INFORMATION

It is evident that the identity belongs to a certain or identifiable real person and is contained within the data recording system; such personal data processed in accordance with generally accepted legal, commercial custom and honesty rules in these areas in order to manage our commercial, technical and administrative risks

FINANCIAL INFORMATION

The INFO which is processed partially or fully automated or non-automated processing as part of the data recording system and obvious that it belongs to an identified or identifiable real person; such personal data regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship established by our company's personal data owner

PERFORMANCE AND CAREER DEVELOPMENT KNOWLEDGE (PROFESSIONAL EXPERIENCE KNOWLEDGE)

The INFO which is processed partially or fully automated or non-automated processing as part of the data recording system and obvious that it belongs to an identified or identifiable real person; such personal data processed to measure the performance of our employees or real persons in working relationship with our Company and to plan and conduct career developments within the scope of our company's human resources policy

MARKETING INFORMATION

The INFO which is processed partially or fully automated or non-automated processing as part of the data recording system and obvious that it belongs to an identified or identifiable real person; personal data of our products and services in order to be customized and marketed according to the usage habits, tastes and needs of the personal data owner and the reports and evaluations created as a result of these processing results

VISUAL / AUDIO INFORMATION

The Personal Data which is processed partially or fully automated or non-automated processing as part of the data recording system and obvious that it belongs to an identified or identifiable real person; For example: photographs and camera recordings (except those included in the Physical Space Security Information), audio recordings and data contained in documents that are copies of documents containing personal data

PRIVATE DATA I

(HEALTH / SEXUAL LIFE)

Data on health and sexual life

PRIVATE DATA II

data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, disguise and dress, association, foundation or union membership, criminal conviction and security measures, and biometric and genetic data

                                    

  1. CHAPTER: LEGAL BASIS AND PURPOSES OF PROCESSING PERSONAL DATA

 

  1. LEGAL BASIS OF PROCESSING PERSONAL DATA

 

  1. General Principles

Although the legal basis for the processing of personal data varies by our company, all kinds of personal data processing activities are carried out in accordance with the general principles in article 4 of the Law No. 6698. According to this; all kinds of data processing

  1. Compliance with law and honesty,
  2. Accuracy and up to date when necessary,
  3. Processing for specific, clear and legitimate purposes,
  4. Being connected, limited and restrained for the purpose they are processed,
  5. e) The general principles of keeping for the period required for the purpose for which they are envisaged or processed are taken into consideration in the relevant legislation.
  1. Reasons for Compliance with Law

 

  1. Obtaining the Explicit Consent Of The Personal Data Owner

One of the conditions for the processing of personal data is the explicit consent of the owner. The explicit consent of the personal data owner should be disclosed on a particular subject, based on information and free will.

  1. Clearly Stated in Laws

The personal data of the data owner may be processed in accordance with the law if explicitly provided for in the law.

For example, reporting the identity of our employees to the competent authorities in accordance with the Identity Legislation.

  1. Failure to Obtain Explicit Consent of The Person Due to Actual Impossibility

Personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to disclose his consent due to the actual impossibility or whose consent cannot be validated, or to protect the life or body integrity of another person. For example, sharing the blood group information of the fainted employee with the physician.

  1. Direct Interest in The Establishment or Execution of the Contract

Provided that it is directly related to the establishment or execution of a contract, it is possible to process personal data if it is necessary to process the personal data of the parties to the contract. For example, obtaining CVs from the candidate for the establishment of the employment contract, obtaining an address for notification within the scope of the contract.

  1. Fulfilling the Company's Legal Obligation

If it is compulsory for our company to fulfill its legal obligations as data responsible, personal data of the data owner may be processed. For example, the processing of family information to benefit the Employee from the Minimum Living Allowance.

  1. Publicization of Personal Data by Data Owner

If the data owner has publicized his/her personal data, the relevant personal data may be processed. For example, if our Company's customers present their complaints, requests or suggestions on a public platform on the internet, they publicize their relevant information. In this case, it is possible for the authorized person of our Company to process the data provided that it is limited to respond to complaints, requests or suggestions.

  1. G) Requiring Data Processing to Establish or Protect a Right

If it is necessary to process data for the establishment, use or protection of a right, the personal data of the data owner may be processed. For example, storage of proof data (sales contract, invoice) and use as needed.

  1. Obligation of Data Processing for the Legitimate Benefit of Our Company

Personal data of the data owner may be processed if it is compulsory for the legitimate interests of our Company to process data provided that it does not harm the fundamental rights and freedoms of the personal data owner. For example, monitoring the Company's critical points against theft or occupational safety with a security camera.

  1. Processing of Private Personal Data and Reasons for Compliance with Law

If the personal data owner does not have explicit consent, private personal data can only be processed by our company, provided that enough measures are taken by the PDP Board. Personal data relating to the health and sexual life of the personal data owner may be processed by persons who are obliged to keep confidential information or by authorized institutions and organizations only for the purpose of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. Regardless of the reason, the general data processing principles are always considered in the processing processes and compliance with these principles is ensured (Article 4 of the PDP Law; see Chapter 2 above, I, 1).

  • PURPOSE OF PERSONAL DATA PROCESSING

Our Company processes personal data limited to the purposes and conditions within the personal data processing conditions specified in article 5, paragraph 2, and paragraph 6 of article 6 of the Personal Data Protection Law No. 6698. In the process of data processing, the legal basis mentioned above is taken into consideration and the consent of the person is requested if there are no other reasons for compliance with the law. Here too, general principles are audited under Article 4, and above all, data processing is generally required to comply with the principles of lawfulness. The consent of the person concerned is obtained in an "open, informative and free will" manner. The purposes of processing personal data are also stated in the “Personal Data Inventory” of our Company.

Personal data are processed in the units of our Company especially for the following purposes;

  • In order to fulfill the mutual obligations arising from the employment contract as an employer, the personal data of the employees must be processed. Personal data of employees; accurate and up-to-date when necessary; for specific, clear and legitimate purposes; are processed and stored in a connected, limited and measured manner. In this context, carrying out Establishment, execution and termination of the employment contract in accordance with the law, the fulfillment of legal obligations related to the employment of employees provided that it is not contrary to fundamental rights and freedoms, the Company's legitimate interests, the conditions explicitly provided for in the law, In cases of legal follow-up, data processing is mandatory for the establishment, use and protection of the right and required the clear, informative, and free-will consent of the employees in other circumstances form the legal basis for personal data processing in order to ensure that employees are employed in accordance with the law.

 

  • Within the scope of activities required by the Company's field of activity, the legitimate interests of the employer require the processing of personal data of the employees. As a matter of fact, it is possible to carry out the processing of personal data of employees due to reasons such as prevention of abuse, prevention of theft, general security or ensuring occupational health and safety. However, great care is taken not to harm the fundamental rights and freedoms of the employees.

 

  • Most of the personal data of the employees being processed is obtained from the information provided to the Company by the employees. Again, in some cases, personal data of employees may come to the Company from internal sources such as Company executives or from employees' references or data from systems established by public institutions and organizations due to working life requirements.
  • Personal data of employees being processed are formed of application forms and references of employees, employment contracts and changes, employee contact information, information required for payroll, family or close information such as persons to be contacted in case of emergency, employee training records, performance evaluation records, discipline records, camera records.

 

  • There are rules in many Company policies and procedures regarding the processing of personal information of employees. In this regard, the “Personal Data Policy” which is available on the Company's website, may be examined. This document can also be accessed from the Company's intranet / QDMS system and can also be obtained from the Human Resources Department in paper / hard copy environment.

 

  • Employee health information is also included in the processed personal data. Information on the health and sexual life of employees is generally processed by persons or authorized institutions and organizations under the obligation to preserve public health, conduct preventive medicine, medical diagnosis, treatment and care services, and plan and manage health services and financing. In this context, the health data of the employees and the details related to these are as a rule in the occupational physician and health unit.

 

  • “In the event that the employee becomes a member of the union after the status of employee (not requested in the employee candidate category), union membership can also be processed in accordance with the explicit provisions of the law in order to meet the requirements of legal legislation. Apart from this, unless the data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, disguise and dress, and biometric and genetic data of the employees are explicitly stipulated in the law as a rule, they are not included in the processed personal data, requirements are carefully evaluated before processing personal data.

 

  • The company has control and oversight of information communication tools (telephone, mobile phones, computers and the Internet). Law no. 5651 and the legitimate interests of our Company constitute the legal basis of these practices.
  • Vehicle tracking system can be applied in the vehicles of our company on the grounds of security and more effective management of vehicles and personnel". The aforementioned activity is based on the legitimate interests of our company, but it does not harm the fundamental rights and freedoms of the employees.

 

  • In line with the aim of ensuring the execution of human resources policies of our company; Personnel recruitment in accordance with the human resources policies of our company, recruitment of personnel suitable for open positions, conducting human resources operations in accordance with the human resources policies of our company, selection of employee candidates, management of personal affairs, determination of training and career plans, fulfillment of obligations in the framework of occupational health and safety and taking necessary measures form the purposes of data processing.

 

  • The personal data of supplier / subcontractor employees can also be processed by our Institution. Thus Law No. 6331 provides the principal employer with documents and information to be checked regarding occupational health and safety from employees from another workplace. Likewise, in the Labor Law No. 4857 and the Social Insurance and General Health Insurance Law No. 5510, obligations related to subcontractor workers and temporary workers have been imposed on the principal employer and the issues that need to be controlled are stated. Accordingly, the processing of the personal data of the employees working in our workplace depending on the supplier and other employers is based on the legitimate interests of our company, in particular the legal improvements in question.

 

  • Personal data may also be processed in our related departments for the purposes of:

 

  • Execution of emergency management processes
  • Conducting information security processes
  • Conducting evaluation / ethical activities
  • Conducting training activities
  • Conduction of access privileges
  • Conducting activities in accordance with the legislation
  • Finance and accounting
  • Conducting loyalty processes to companies / products / services
  • Ensuring the security of physical space
  • Carrying out the assignment processes
  • Monitoring and execution of legal affairs
  • Carrying out internal audit / investigation / intelligence activities
  • Conducting communication activities
  • Execution of goods / services / production and operation processes
  • Carrying out customer relations processes
  • Conducting customer satisfaction activities
  • Organization and event management
  • Conducting marketing analysis studies
  • Conducting performance evaluation processes
  • Carrying out advertising / campaign / promotion processes
  • Execution of risk management processes
  • Storing and archiving activities
  • Social responsibility and civil society activities
  • Conduct of contract processes
  • Carrying out sponsorship activities
  • Carrying out strategic planning activities
  • Tracking of requests / complaints
  • Ensuring security of movable goods and resources
  • Conducting supply chain management processes
  • Carrying out marketing processes of products / services
  • Ensuring the security of data responsible operations
  • Foreign personnel work and residence permit procedures
  • Execution of investment processes
  • Giving information to authorized persons, institutions and organizations
  • Carrying out management activities
  • And for the purpose of creating and monitoring visitor records.
  • For the purposes of occupational health and safety, general security and product safety, camera monitoring in the workplace is carried out on the condition that it does not harm the fundamental rights and freedoms of our visitors, the persons whose data are processed within this scope and especially the employees, taking into consideration the legitimate interests of the Company.
  1. CHAPTER: STORAGE, DELETION, DISPOSAL AND ANONIMIZATION OF PERSONAL DATA

Although our Company has processed in accordance with the provisions of the relevant law as provided for in Article 138 of the Turkish Penal Code and Article 7 of the PDP Law, personal data will be deleted upon the decision of our Company or upon the request of the personal data holder, in case the reasons that require it are eliminated or anonymous.

  • STORAGE OF PERSONAL DATA AND STORAGE PERIOD

If required by the relevant laws and regulations, our Company stores its personal data for the period specified in the related legislation. If the legislation on how long personal data should be stored is not regulated for a period of time, personal data is processed, then deleted, destroyed or anonymized for the period required to be processed in accordance with the practices and commercial practices of our Company in connection with the services provided by our company while processing that data. If the purpose of processing personal data has expired and the storage period determined by the relevant legislation and the company has been reached; personal data may only be stored in order to provide evidence in case of possible legal disputes or to assert the relevant right to personal data or to establish defense. Although the statute of limitations and the statute of limitations for the exercise of the right mentioned in the establishment of these periods have passed, retention periods are determined based on the examples in the requests submitted to our Company on the same subjects. In this case, the stored personal data is not accessed for any other purpose and is only accessible when it is required to be used in the relevant legal dispute. Here too, after the expiry of this period, personal data is deleted, destroyed or anonymized.

  • PERSONAL DATA DELETION, DISPOSAL AND ANONIMIZATION

Although it has been processed in accordance with the provisions of the relevant law as provided for in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law, personal data are deleted, destroyed or anonymized upon the decision of our Company or upon the request of the personal data owner, in case the reasons requiring processing are eliminated. In this context, our Company fulfills its obligation with the methods explained in this section.

  1. Deleting Personal Data
  1. Deletion of Personal Data

Although our company has processed in accordance with the provisions of the relevant law, personal data may be deleted in accordance with its decision or upon the request of the personal data owner in case the reasons requiring processing are eliminated. Deletion of personal data is the process of making personal data inaccessible and reusable for the users concerned. Our Company takes all kinds of technical and administrative measures to ensure that deleted personal data cannot be accessed and reused for the relevant users.

  1. Process of Deleting Personal Data
  • Determination of personal data that will be subject to deletion.
  • Identify relevant users for each personal data using an access authorization and control matrix or similar system.
  • Determination of the authorization and methods of access, retrieval, reuse, etc.
  • Closing and eliminating the access, retrieval, reuse authorization and methods of the relevant users within the scope of personal data.
  1. Methods for Deleting Personal Data

Since personal data can be stored in various recording media, it is deleted by appropriate methods.

  1. Disposal of Personal Data
  1. Personal Data Disposal Process

Although our company has processed in accordance with the provisions of the relevant law, personal data may be disposed in accordance with its decision or upon the request of the personal data owner in case the reasons requiring processing are eliminated. Disposal of personal data is the process by which personal data cannot be accessed, retrieved or reused by anyone in any way. Our company takes all kinds of technical and administrative measures necessary for the disposal of personal data.

  1. The Methods of Personal Data Disposal

For the disposal of personal data, all copies of the data are detected and the systems in which the data is found are destroyed individually.

  1. The Anonymization of Personal Data
  1. Personal Data Anonymization Process

The anonymization of personal data means that personal data cannot be associated with a certain or identifiable natural person, even by pairing it with other data. Our company is able to anonymize the personal data when the reasons that require the processing of personal data processed in accordance with the law are eliminated. Personal data is anonymized by making it unrelated to a specific or identifiable natural person, even through the use of appropriate techniques for the recording medium and the field of activity, such as the return of data by the data responsible or recipient groups and / or the mapping of data to other data. Our company takes all kinds of technical and administrative measures necessary to anonymize personal data.

Personal data, which has been anonymized in accordance with Article 28 of the PDP Law, may be processed for research, planning and statistics purposes. Such transactions are outside the scope of the KVK Law and will not require the express consent of the personal data owner.

  1. The Methods of Personal Data Anonymization

The anonymization is that by removing or changing all direct and / or indirect identifiers in a data set, the identity of the person is prevented from being identified, or he or she loses its distinguishability in a group or crowd so that it cannot be associated with a real person. Data that does not indicate a particular person as a result of blocking or losing these features is considered anonymized data. The purpose of anonymizing is to break the link between the data and the person whom this data defines. All the relation breaking operations carried out by means of automatic or non-automatic grouping, masking, derivation, generalization, randomization, etc. are applied to the records in the data recording system where personal data is kept. The data obtained as a result of the application of these methods should not be able to identify a particular person.

  1. CHAPTER: RIGHTS OF RELATED PERSONS

 

  1. THE SCOPE OF THE RIGHTS OF THE RELATED PERSONS AND THE USE OF THESE RIGHTS

 

  1. Rights of Related Persons

Persons whose personal data are processed by our company have the rights listed below:

  • Find out if personal data is being processed,
  • Request information if personal data has been processed,
  • Learning the purpose of processing personal data and whether they are used properly,
  • Knowing the third parties to whom personal data is transferred at home or abroad,
  • Request correction of personal data if missing or incorrectly processed and request that the transaction carried out in this context be notified to third parties to whom the personal data has been transferred,
  • Although it has been processed in accordance with the provisions of the PDP Law and other related law, to request the deletion or destruction of personal data in case the reasons requiring processing are eliminated and request that the transaction carried out in this context be notified to third parties to whom the personal data has been transferred ,
  • Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
  • Request for damages in case of damage due to unlawful processing of personal data.
  1. The Use of Rights by Related Persons

It is necessary and enough for the concerned persons to submit their requests regarding the use of the rights mentioned above in accordance with article 13 paragraph 1 of the PDP Law to our Company in the following ways;

 

Application Method

Address of Application

Information to be specified in application submission

Personal Application

(Application by the applicant personally with a document proving his identity)

"Request for Information within the Scope of the Personal Data Protection Law" will be written on the envelope.

Atatürk Mahallesi, Adnan

Menderes Caddesi No: 5, Kıraç

Esenyurt, 34522 İstanbul,

Türkiye

Notification through a notary public

Atatürk Mahallesi, Adnan

"Request for Information within the Scope of the Law on Protection of Personal Data" shall be written in the notification envelope.

Menderes Caddesi No: 5, Kıraç

Esenyurt, 34522 İstanbul,

Türkiye

Through Signed with “Secure Electronic Signature” by Registered Electronic Mail (REM)

"Information Request for Personal Data Protection Law “will be written in the subject part of the e-mail.

kvkk@hs02.kep.com.tr

In application;

It is obligatory to have the place of Name, Surname, if application is written T.R. ID Number for Turkish citizens, nationality, passport number or identification number (if any) for foreigners, residence or business address subject to the notification, the electronic mail address, telephone and fax number, the subject of the request, if any. Information and documents related to the subject are also added to the application.

It is not possible to request by third parties on behalf of personal data owners. In order for a person other than the personal data owner to make a request, there must be a special power of attorney issued by the personal data owner on behalf of the applicant. In your application as a personal data owner, which contains your explanations of the rights you have made and which you would like to use to exercise your rights mentioned above; your request must be clear and understandable, if you are acting on behalf of yourself or you are acting on behalf of someone else, you must be specifically authorized and document your authority, the application must include identification and address information, and the documents confirming your identity must be attached to the application.

It is not possible to request by third parties on behalf of personal data owners. In order for a person other than the personal data owner to make a request, there must be a special power of atto

HAUS

How can we help you?


#BECAUSEWECARE







HAUS Sales Offices & Service Network
HAUS agents and authorised services provides reliable and high quality service to all customers around the world.


500
Employees
32000
Factory Area
35
Countries


SEE ALL AGENTS & OFFICES