İkbal

Anasayfa/
Policy on the Protection of Personal Data

Policy on the Protection of Personal Data

CLARIFICATION TEXT UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA

Our company attaches great importance to the protection of personal data obtained or will be obtained through its operations. In this respect, this policy has been prepared in order to determine the principles and measures to be taken regarding the processing, protection, storage, and destruction of personal data and informing data subjects, and our company carries out its activities regarding personal data under both the Policy on the Protection of Personal Data and the Law on the Protection of Personal Data No. 6698.

WHAT ARE PERSONAL DATA
Personal data refer to any information relating to an identified or identifiable natural person.

PURPOSE OF PROCESSING AND TRANSFERRING PERSONAL DATA, PERSONAL DATA COLLECTION METHODS, AND LEGAL GROUNDS

Our company processes personal data for

Fulfilling its legal obligations, protecting the legal rights of our company
Carrying out contract negotiations, conclusion and performance of contracts, following-up, and termination of contractual processes
Providing better service to customers, determining suitable projects and services for customers
Improving products and services
Management, execution, and supervision of company activities
Providing products and services in accordance with the preferences of our customers
Following up and fulfilling of customer demands and complaints, measuring customer satisfaction
Supply of materials and services required by the company
Promotion and announcement of company operations and execution of sales and marketing activities
Procurement, planning, management, supervision of the human resources required by the company and offering personal rights
Ensuring necessary coordination and cooperation within the company, with group companies and suppliers
Protecting the contractual and legal rights of our company arising from contracts and laws

As a rule, our company processes personal data for its own activity. In this respect, our company takes the necessary security measures in line with the personal data processing purposes in accordance with the law and transfers the personal data and sensitive personal data of the personal data subject to third parties (Community Companies, business partners, shareholders, affiliates, insurance companies, suppliers, public institutions and/or organizations and to third parties for the same purposes).

Our company maintains personal data for the period specified in the relative laws for the period of time specified in the law. If a period of time is not stated in the law about how long personal data should be maintained, personal data is processed for the period required to be processed in accordance with our Company's practices and commercial practices, depending on the activity carried out while processing that data. If you want your personal data to be deleted, destroyed, or anonymized, this request can be fulfilled by our Company at the end of the period determined by legal regulations; however, your personal data will not be processed and shared by our Company with third parties during this period except for sharing obligations arising from national and international laws, regulations and contracts.

In addition, personal data may be shared with our shareholders in order to determine the strategies related to the activities of our company and to carry out audit activities.

Our company will be able to transfer personal data abroad, provided that there is sufficient protection in accordance with this policy, and in the absence of sufficient protection, such transfer will only take place provided that the data controllers in Turkey and the relevant foreign country undertake and assume such protection in writing and with the permission of the Board.

RIGHTS OF THE DATA SUBJECT
The data subject has the right to be enlightened during the acquisition of personal data. This text was issued for enlightening the data subject.

In addition, the data subject has the following rights;

Learning whether personal data are processed
If personal data have been processed, requesting information about it
Learning the purpose of processing personal data and whether they are used in accordance with the purpose
Finding out the third parties to whom personal data were transferred at home or abroad
Requesting correction of personal data in case of incomplete or incorrect processing
Requesting the destruction of personal data in the event that the conditions requiring processing of such are no longer present
Requesting notification of the actions taken in case of correction or destruction of personal data to third parties to whom personal data have been transferred
Objecting to any result that is to the detriment of the data subject by analyzing the processed data exclusively through automated systems
Requesting the compensation of any damages in case of loss due to unlawful processing of personal data

PERSONAL DATA PROTECTION, STORAGE, AND DESTRUCTION POLICY

INTRODUCTION
Our company attaches great importance to the protection of personal data obtained or to be obtained through its activities. In this respect, this policy has been prepared in order to determine the principles and measures to be taken regarding the processing, protection, storage, and destruction of personal data and informing data subjects, and our company carries out its activities regarding personal data under both the Policy on the Protection of Personal Data and the Law on the Protection of Personal Data No. 6698.
PURPOSE
Our company can process personal data for the purposes of performing its activities, providing better service to its customers, exercising its rights arising from the contracts and fulfilling the obligations, and performing the duties and responsibilities arising from the law.

The purpose of the Policy on the Protection of Personal Data is to determine the principles and rules to be followed during the personal data processing activities carried out by our Company in line with the above-mentioned purposes, to protect the fundamental rights and freedoms of individuals, especially the privacy of private life in the processing of personal data, and to provide the necessary transparency by informing the data subjects about such activities.

SCOPE
The Policy on the Protection of Personal Data covers activities related to personal data within the scope of Law No. 6698.
BASIS
The Policy on the Protection of Personal Data is based on Law No. 6698 and the regulations enacted/to be enacted under this Law. In this regard, the Policy on the Protection of Personal Data will be implemented as long as it is compatible with the legislation in force.
PERSONAL DATA
Personal data refer to any information relating to an identified or identifiable natural person.

In general, data such as name, surname, date of birth, Republic of Turkey Identity Number, mobile phone number, and e-mail address of natural persons are included in the scope of personal data. However, in order for such data to be qualified as personal data, they must be associated with a natural person, in other words, personal data must enable the identification of the natural person. Such personal data is defined as general personal data in the policy on the protection of personal data.

Law No. 6698 adopts that some sensitive data are to be deemed as private personal data. Therefore, any personal data that is not within the scope of private personal data is considered general personal data by our company.

Private personal data are as follows; “Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, attire, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data”.

PERSONAL DATA PROCESSING CONDITIONS
During the processing of personal data, our company will take the necessary precautions to

First of all, act in accordance with the legislation in force, then the personal data processing policy and the rules of honesty
Ensure that the personal data processed are accurate and up-to-date
Process personal data for the purposes described in this policy and to act in connection with and limited to and be measured for this purpose.
Maintain personal data for appropriate periods for the purpose of processing or stipulated in the legislation

As a rule, our company does not process personal data without the explicit consent of the data subject. However, the explicit consent of the data subject is not sought in the following cases;

If it is expressly stated in the laws
If the processing of personal data belonging to the parties of the contract is necessary, provided that it is directly related to the conclusion or performance of a contract
If it is required for fulfilling the legal obligations of our company
If such data are made public by the related person
If the data processing is required to establish, use or protect a certain right
If such processing is required for the legitimate interests of our company, provided not to harm the basic rights and freedoms of the data subject

Private personal data are only processed with the explicit consent of the related individual or without the explicit consent of the related individual in cases stipulated by the laws.

PURPOSE OF PROCESSING PERSONAL DATA
Our company processes personal data for

Fulfilling its legal obligations, protecting the legal rights of our company
Carrying out contract negotiations, conclusion and performance of contracts, following-up, and termination of contractual processes
Providing better service to customers, determining suitable projects and services for customers
Improving products and services
Management, execution, and supervision of company activities
Providing products and services in accordance with the preferences of our customers
Following up and fulfilling of customer demands and complaints, measuring customer satisfaction
Supply of materials and services required by the company
Promotion and announcement of company operations and execution of sales and marketing activities
Procurement, planning, management, supervision of the human resources required by the company and offering personal rights
Ensuring necessary coordination and cooperation within the company, with group companies and suppliers
Protecting the contractual and legal rights of our company arising from contracts and laws

Processing of personal data refers to all kinds of operations performed on the data by obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying, and preventing the use of them by fully or partially automatic or non-automatic means provided that they are parts of a data recording system. As a rule, our company processes personal data for its own activity. In this respect, our company takes the necessary security measures in line with the personal data processing purposes in accordance with the law and transfers the personal data and sensitive personal data of the personal data subject to third parties (Community Companies, business partners, shareholders, affiliates, insurance companies, public institutions and/or organizations and to third parties for the same purposes).

In addition, personal data may be shared with our shareholders in order to determine the strategies related to the activities of our company and to carry out audit activities.

PERSONAL DATA MAINTENANCE PERIOD
Personal data will be maintained for the period stipulated in the relevant legislation or for the period required for the purpose for which they were processed.
MEASURES TAKEN FOR THE PROTECTION OF PERSONAL DATA

It attaches importance to the confidentiality and security of Personal Data and takes legal, technical, and administrative measures to the extent required by the Law and relevant legislation to protect Personal Data.

Our company takes technical, legal, and administrative measures to prevent the illegal processing of, illegal access to personal data it has or will obtain, and to ensure the protection of personal data. Our company not only informs its employees about these matters but also takes special measures in the contracts it concludes or will conclude with its employees and other third parties.

Although our company takes the necessary measures, if the processed personal data are obtained by third parties illegally, the situation will be notified to you and the Personal Data Protection Board as soon as possible by our company.

DELETION, DESTRUCTION, AND ANONYMIZING OF PERSONAL DATA

In the event that all the conditions for processing personal data disappear, personal data will be destroyed by our company or upon the request of the data subject.

The destruction of personal data will be carried out by applying one of the methods of deletion, destruction, or anonymization.

Deletion of personal data is the process of making personal data inaccessible and non-reusable for relevant users.

Destruction of personal data is the process of making personal data inaccessible, unrecoverable, and unusable by anyone in any way.

Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even if they are matched with other data.

Our company records all transactions regarding the deletion, destruction, and anonymization of personal data, and these records are kept for at least three years.

Which personal data destruction method will be applied will be determined by our company upon request, provided that the reason is explained to the data subject.

The periodic destruction period of our company is 6 (six) months.

RIGHTS OF THE DATA SUBJECT
The data subject has the right to be enlightened during the acquisition of personal data. Accordingly, during the acquisition of personal data, our company is informed about

the title of our company and the identity of its representative,
for what purpose personal data will be processed
to whom and for what purpose the processed personal data can be transferred,
method and legal grounds for collecting personal data

In addition, the data subject has the following rights;

Learning whether personal data are processed
If personal data have been processed, requesting information about it
Learning the purpose of processing personal data and whether they are used in accordance with the purpose
Finding out the third parties to whom personal data were transferred at home or abroad
Requesting correction of personal data in case of incomplete or incorrect processing
Requesting the destruction of personal data in the event that the conditions requiring processing of such are no longer present
Requesting notification of the actions taken in case of correction or destruction of personal data to third parties to whom personal data have been transferred
Requesting notification of the actions taken in case of correction or destruction of personal data to third parties to whom personal data have been transferred
Objecting to any result that is to the detriment of the data subject by analyzing the processed data exclusively through automated systems
Requesting compensation of the damage in case of loss due to unlawful processing of personal data

The data subject may forward their requests to the following address, telephone number, or e-mail address, provided that they certify their identity;

Title: İkbal Gıda ve İhtyaç Maddeleri İmalat San. İç ve Dış Tic. A.Ş.
Address: Organize Sanayi Bölgesi 1. Cadde 1. Sokak No: 19 AFYONKARAHİSAR
E-mail:ikbal@ikbal.com
TEL :90 272 221 16 66

The requests of the data subject are fulfilled within a maximum of 30 (thirty) days and the necessary information is provided to the data subject free of charge. However, in case the process requires any additional cost, the fees specified by the Board may be requested.