info@greencooler.com.tr

Policy for Protection and Process of Personal Data

  1. THE IMPORTANCE OF PERSONAL DATA PROTECTION

Protection of personal data is a Constitutional right and is among the priorities of our Company. As a matter of fact, for this purpose, it is aimed to establish a system that is constantly updated in our Company and this policy has been made. This Policy has been made, within the scope of Law No. 6698 on Protection of Personal Data, in order to specify general disclosure obligations and to determine the basic principles of our company's personal data processing rules applicable in the following address of, ÖZTAŞ SAÇ DEMİR İNŞAAT METAL MAMULLERİ MAKİNA SANAYİ VE TİCARET A.Ş. (hereinafter referred to as  "ÖZTAŞ"),   ÖZTAŞ KEÇİLİKÖY OSB MAHALLESİ AHMET NAZİF ZORLU BULVARI NO:32 45030 MANİSA TÜRKİYE and in its branches and in this scope, the basic principles are regulated for processing the personal data of our customers, potential customers, employees, employee candidates, trainees and students, supplier / subcontractor employees and officials, company shareholders and company partners, visitors and other third parties, whose data we process.

 

Necessary procedures are organized within the company for the implementation of the issues specified in this Policy, general disclosures that are compatible with Personal Data Processing Inventory specific to categories of people are created, protection of personal data and confidentiality agreements are made with company employees and third parties who have access to personal data, job definitions are revised, administrative and technical measures are taken by ÖZTAŞ to protect personal data, and necessary inspections are made or procured in this context. The issue of  Personal Data Protection is also embraced by senior management, and by means of forming a special committee(ÖZTAŞ KVKK Team List) in this regard, processes of personal data protection are managed.

                                                                                                                                  

  1. PURPOSE OF THE POLICY

The main purpose of this Policy is to set forth the principles of personal data processing activities and the protection of personal data carried out in accordance with the law by ÖZTAŞ, and to provide transparency by enlightening and informing the people whose personal data are processed by our company.

 

  1. SCOPE

 

This Policy relates to all data, which we process automatically or non-automatically provided that it is part of the system, of the persons that we categorize as “customers, potential customers, employees, candidates, trainees and students, supplier / subcontractor employees and officials, company shareholders and company partners, visitors and other third parties whose data we process” .

 

  1. IMPLEMENTATION OF POLICY AND RELATED LEGISLATION

The relevant legal regulations in force regarding the processing and protection of personal data will be applied . If there is a discrepancy between the current legislation and the Policy, our Company accepts that the current legislation shall be applied.

 

  1. ACCESS AND UPDATE

Policy is published on our company's website www.oztasdemir.com.tr is and made available to the relevant persons upon the request of personal data owners and updated when necessary.

 

    1. SECTION: PROCESSING PERSONAL DATA

 

  1. Pursuant to Article 20 of the Constitution and article 4 of the Law on PPD, our company could carry out the activities of personal data processing in a way which is in line rules of law and honesty, correct and up to date when required so; specific, clear and legitimate ; purpose-bound, limited and measured. Our Company retains personal data as long as required by law or as required for personal data processing purposes.
  2. In accordance with Article 20 of the Constitution and Article 5 of the Law on PPD, our company processes personal data based on one or more of the conditions in the 5th article of the Law on PPD.
  3. In accordance with Article 419 of the Code of Obligations, our company processes the personal data of employees and candidates based on the purposes of the employment contract and the performance of the employment contract without prejudice to the provisions of Law No. 6698.
  4. Our company enlightens the personal data owners in accordance with the Article 20 of the Constitution and Article 10 of the Law on PPD, and provides necessary information and responds to the applications within the legal period, if the personal data owners request information and apply to exercise their rights arising from the Law.
  5. Our Company complies with the regulations envisaged for the processing of sensitive data, pursuant to the provisions of Article 6 of the Law on PPD.
  6. In accordance with Articles 8 and 9 of the Law on PPD, our Company complies with the rules stipulated in the Law for the transfer of personal data, and implements applications by taking into account the decisions taken and notices and safe country lists published by  PPD Board.

 

  1. PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES AND RULES PROVIDED IN THE LEGISLATION

 

    1. PROCESSING OF PERSONAL DATA

 

  1. Processing in Compliance with the Rule of Law and Good Faith

Our company acts in accordance with the general trust and honesty rule with the principles brought by legal regulations in the processing of personal data. In this context, our Company identifies the legal basis that will require the processing of personal data, takes action, takes into account the requirements of proportionality, does not use the personal data for the wrong purposes, and does not operate without the knowledge of individuals.

 

  1. Ensuring the Accuracy and Up-to-Dateness of Personal Data When Necessary

Our company, taking into account the basic rights of the personal data owners and their legitimate interests, ensures that the personal data it processes are accurate and up-to-date and takes the necessary measures in this direction. In this context, the data regarding all categories of people are tried to be kept up to date. In particular, customer and potential customer data are carefully updated, and e-mails and offers are not sent to people for marketing and promotional purposes contrary to their consent.

 

  1. Processing with Specific, Explicit and Legitimate Purposes

Our company clearly and accurately identifies its personal data processing purpose, which is legitimate and lawful. Our company processes  the personal data in connection  with and  as much as necessary for  the service that it provides. The purpose for which personal data will be processed by our company is determined before the processing activity and is recorded in the "Personal Data Inventory".

 

  1. Being Limited, Proportional and Expedient to Purpose of Data Processing

Our company processes personal data in a way to achieve the identified purposes, and avoids the processing of personal data that is not required or not related to the realization of the purpose. In this context, processes are constantly reviewed and the principle of “reducing personal data” is tried to be implemented.

 

Preservation for the Period Envisaged in the Relevant Legislation or Required for the Purpose of Their Processing Our Company maintains personal data only for the period required by the relevant legislation or by the purpose for which it was processed. In this context, our Company firstly determines whether a period is foreseen for the retention of personal data in the relevant legislation, if a period has been determined, it acts in accordance with this period, in this context, it takes into account the law and penalty expiration periods and stores the personal data for the purpose for which they are processed. In the event that the expiration period is over  or  the reasons requiring the processing disappear, the personal data are erased, destroyed or anonymized according to our Company's "Destruction Procedure" (Ref: BGYS-PR-022).

 

    1. Rules for the Processing of General Personal Data

Protection of personal data is a right defined in the Constitution, and fundamental rights and liberties can be limited only by law, regardless of their essence, only for the reasons specified in the relevant articles of the Constitution. Pursuant to the third paragraph of Article 20 of the Constitution, personal data can only be processed in cases stipulated by law or with the express consent of the person. In the processing of personal data by our company, personal data are processed without seeking explicit consent of the relevant person, if the following conditions are present;

  1. In the event that it is clearly stipulated by the laws,
  2. In the event that it is mandatory for the protection of life or physical integrity of a person himself/herself, or any other person, who is bodily incapable of giving his/her consent or whose consent is not deemed legally valid,
  3. In the event that it is required to process personal data of the parties to the contract, provided that the processing is directly related to the conclusion or fulfilment of that contract,
  4. In the event that it is mandatory for the data controller to fulfill his/her legal obligations.
  5. In the event that personal data is revealed to the public by the person concerned himself/herself.
  6. In the event that data processing is mandatory for the establishment, use or protection of a right,
  7. In the event that data processing is mandatory for the legitimate interests of the data controller provided that it does not harm the fundamental rights and freedoms of the person concerned,

 

In the absence of the above conditions, our Company consults the concerned person's consent based upon his/her explicit, free will and information/notification. Especially in the field of Human Resources and Labor Relations, considering the dependency relationship of the employee, it is essential to rely on the lawfulness of the data, not based on consent, but explicit consent is required in the absence of these reasons. On the other hand, in activities such as marketing, processing is carried out on the basis of the consent of the concerned person. However, in all cases where personal data is processed, data processing activities based on “enlightenment of employees” are always carried out.

 

    1. Processing Sensitive Personal Data

In processing personal data designated as  "sensitive"  by the Law on PPD, our Company strictly adheres to the regulations stipulated in the Law. In Article 6 of the Law on PPD, certain personal data that have  the risk of causing victimization or discrimination when processed illegally  are identified as “sensitive” , and care and sensitivity must be exercised in  processing these data. These data are the personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and the bio-metric and genetic data. Sensitive  personal data are processed by our Company  in the following cases, provided that the necessary precautions are taken in accordance with the Law on PPD, :

    1. Sensitive personal data other than the health and sexual life of the personal data owner, in cases stipulated by law or if the personal data owner has explicit consent,
    2. The sensitive  personal data of the data owner relating to health and sexual life are only processed by authorized public institutions and organizations that have confidentiality obligation, for the purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment and nursing services, planning and management of health-care services as well as their financing or by upon the explicit consent of the personal data owner.
    3. Regardless of the reason, general data processing principles are always taken into consideration and compliance with these principles is ensured (Law on PPD Art. 4).

Regarding the protection of sensitive data in our company Personal Data Protection and Processing Policy has been put into effect and our business units are acting in accordance with the provisions of this policy and necessary measures are taken.

 

    1. Clarifications and Notification to be Made to the Relevant Persons Whose  Personal Data are Processed

Our Company provides information/makes clarifications to the personal data owners during the obtaining of personal data in accordance with Article 10 of the Law on PPD. In this context, the relevant person whose data is processed is informed about the purpose for which the personal data will be processed, the persons to whom and for what purpose the processed personal data can be transferred, the method and legal reason of collecting personal data and the rights of the person whose personal data is processed. In the 11th article of the Law on PPD, ''Requesting Information'' is counted among the rights of the concerned person whose personal data is processed and in this context, our Company makes the necessary notifications in the event that the person whose personal data is processed requests information in accordance with the 20th Article of the Constitution and the 11th Article of the Law on PPD. In this regard, the action wil be taken upon the submission of  ''Application Form'' provided in our website  https://www.oztasdemir.com.tr

 

  1. PERSONAL DATA TRANSFER

Our company can transfer the personal data and sensitive personal data of the personal data owner to third parties by taking the necessary security precautions in line with the personal data processing purposes that are in line with the law. Accordingly, our company acts in accordance with the regulations stipulated in article 8 of the Law on PPD.

    1. Principles of Transferring Personal Data

Our company may transfer personal data, in line with legitimate and legal personal data processing purposes, to third parties on the basis of one or more of the personal data processing conditions specified in Article 5 of the Law as stated below:

 

should the relevant person whose personal data is processed has a clear consent;

  1. if there is an explicit regulation in the laws regarding the transfer of personal data,
  2. Should the transfer is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his/her consent or whose consent is not deemed legally valid.
  3. Should the processing of personal data belonging to the parties of an agreement be necessary, provided that it shall be directly related to the conclusion or fulfillment of such agreement,
  4. Should personal data transfer be mandatory for our Company to fulfill its legal obligation,
  5. Should the personal data be publicized by the person concerned,
  6. Should the personal data transfer be mandatory for the establishment, exercise or protection of any right,
  7. Should it be mandatory for the legitimate interests of our Company, provided that the fundamental rights and freedoms of the person whose personal data is processed,  are not harmed, the personal data is transmitted.

 

Regardless of the reason, general data processing principles are always taken into consideration and compliance with these principles is ensured (Law on PPD Art. 4).

 

    1. Transfer of Sensitive Personal Data

Our company may transfer sensitive personal data of the personal whose data is processed, to third parties in the following cases in line with legitimate and legal personal data processing purposes, by showing due diligence, taking required security measures and adequate measures stipulated by the PPD Board.

 

  1. If the relevant person has explicit consent, sensitive personal data can be processed on the basis of this consent or
  2. if the person concerned does not have explicit consent;
  3. the sensitive personal data of the personal data owner other than the ones related to her/his health and sexual life (data related to information regarding the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, memberships to associations and foundations or trade-unions, criminal convictions and security measures and the bio-metric and genetic data), can be processed only in the circumstances foreseen by the laws,
  4. The sensitive personal data of personal data owner relating to health and sexual life are only processed by any persons or authorized public institutions and organizations that have confidentiality obligation, for the purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment and nursing services, planning and management of health-care services as well as their financing.

 

Regardless of the reason, general data processing principles are always taken into consideration during in transfer processes and compliance with these principles is ensured (Law on PPD Art. 4).

 

    1. Transfer of Personal Data to Abroad

Our company can transfer the personal data it processes and the sensitive personal data to third parties by taking the necessary security measures for the purposes of lawful personal data processing. Our Company transfers the personal data to countries that have accommodated themselves to GDPR, foreign countries where PPD Board confirms their adequate protection ("Foreign Countries with Adequate Protection") or in case of the absence of adequate protection, data controllers i n Turkey and in the foreign countries undertake to provide an adequate protection in writing and to the foreign countries for which PPD Board's permission exists(“Foreign Country where the Data Controller  Undertakes Adequate Protection is Located”). Accordingly, our company acts in accordance with the regulations stipulated in article 8 of the Law on PPD.

 

Our Company may transfer personal data, in line with its purposes of legitimate and lawful processing personal data, to the Foreign Countries and to countries that have accommodated themselves to GDPR in which Sufficient Protection is Provided or the Controller Undertakes Sufficient Protection,upon the explicit consent is given by the personal data owner; Where the explicit consent of the personal data owner is not given, upon the existence of one of the following circumstances:

  1. if there is an explicit regulation in the laws regarding the transfer of personal data,
  2. Should the transfer be mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his/her consent or whose consent is not deemed legally valid.
  3. Should the processing of personal data belonging to the parties of an agreement be necessary, provided that it shall be directly related to the conclusion or fulfillment of such agreement,
  4. Should personal data transfer be mandatory for our Company to fulfill its legal obligation,
  5. Should the personal data be publicized by the person concerned,
  6. Should the personal data transfer be mandatory for the establishment, exercise or protection of any right,
  7. Should it be mandatory for the legitimate interests of our Company, provided that the transfer shall not violate the fundamental rights and freedoms of the personal data owner.

 

    1. Personal Data Transfer Purposes for Our Company and the Categories of People whose data is transferred.

 

  1. Data Transfer Purposes

 Data transfer is carried out for purposes such as, to ensure the fulfillment of our Company's activities and establishment objectives, to ensure that our Company provides the services outsourced from the supplier and to provide our Company with the necessary services to fulfill its commercial activities, to ensure the execution of human resources and employment policies of our Company, to provide data transfer in order to fulfill the obligations within the framework of the occupational health and safety and to take necessary measures.

 

  1. People to whom Data is Transferred

Our company in accordance with the 8th and 9th articles of the Law on PPD can transfer the personal data   to the following categories of people:

 

Authorized Public Institutions

Public institutions and organizations authorized to receive information and documents from our company

Data sharing is made according to the provisions of the relevant legislation.

 

Legally Authorized Private Persons

 

 

Private persons authorized to receive information and documents from our company

Data is shared in a way limited to the purposes as requested by the relevant private persons within their legal authority.

 

 

 

Business Partners

The parties with which our company has established a business partnership for purposes such as sales, promotion and marketing of our products and services, after sales support, and execution of joint customer loyalty programs while carrying out commercial activities of our company

Limited data sharing is carried out with the intent of achieving the objectives of establishing the business partnership.

 

 

 

Suppliers

 

 

 

The parties which provide service to our Company  or  to which the services provided by our Company while carrying out the commercial activities of our Company

Limited data sharing is provided in order to ensure that our company provides the services outsourced by the supplier and necessary services to perform our Company's commercial activities.

While Transfers are made, our company acts in accordance with the principles and rules set forth in this Policy.

 

CATEGORIES OF PERSONAL DATA

The persons whose data are processed in our company and the data processed in this context are categorized as follows;

 

CATEGORIES OF THE PERSONS

 

Employee Candidate

Real persons who have made application for a job at the Company in any way or have opened their resumes and relevant information for review by our company.

Employee

Real people working in our company

 

Potential Customer

Real persons who have requested or are interested in the use of our products and services or have been evaluated as they may have such interest in accordance with the rules of commercial custom and principles of honesty.

 

Supplier's Employee

Real persons working in the institutions (such as, but not limited to, business partners, suppliers) with which our company has all kinds of business relations

 

Supplier′s Official

Shareholders and officials of the institutions that our company has business relations with are real persons.

 

Customer

Natural persons who use or have used the products and services offered by our Company, regardless of whether or not they have a contractual relationship with our Company.

 

Visitor

Real persons who have entered our physical premises with various purposes or visited our websites

 

MISCELLANEOUS

Third party real  persons who are associated with these persons in order to ensure the commercial security of our company with the aforementioned parties or to protect the rights of such persons and provide benefits (e.g., Family Members and relatives)