CLARIFICATION TEXT UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA
Our company attaches great importance to the protection of personal data obtained or will be obtained through its operations. In this respect, this policy has been prepared in order to determine the principles and measures to be taken regarding the processing, protection, storage, and destruction of personal data and informing data subjects, and our company carries out its activities regarding personal data under both the Policy on the Protection of Personal Data and the Law on the Protection of Personal Data No. 6698.
WHAT ARE PERSONAL DATA
Personal data refer to any information relating to an identified or identifiable natural person.
PURPOSE OF PROCESSING AND TRANSFERRING PERSONAL DATA, PERSONAL DATA COLLECTION METHODS, AND LEGAL GROUNDS
Our company processes personal data for
Processing of personal data refers to all kinds of operations performed on the data by obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying, and preventing the use of them by fully or partially automatic or non-automatic means provided that they are parts of a data recording system.
As a rule, our company processes personal data for its own activity. In this respect, our company takes the necessary security measures in line with the personal data processing purposes in accordance with the law and transfers the personal data and sensitive personal data of the personal data subject to third parties (Community Companies, business partners, shareholders, affiliates, insurance companies, suppliers, public institutions and/or organizations and to third parties for the same purposes).
Our company maintains personal data for the period specified in the relative laws for the period of time specified in the law. If a period of time is not stated in the law about how long personal data should be maintained, personal data is processed for the period required to be processed in accordance with our Company's practices and commercial practices, depending on the activity carried out while processing that data. If you want your personal data to be deleted, destroyed, or anonymized, this request can be fulfilled by our Company at the end of the period determined by legal regulations; however, your personal data will not be processed and shared by our Company with third parties during this period except for sharing obligations arising from national and international laws, regulations and contracts.
In addition, personal data may be shared with our shareholders in order to determine the strategies related to the activities of our company and to carry out audit activities.
Our company will be able to transfer personal data abroad, provided that there is sufficient protection in accordance with this policy, and in the absence of sufficient protection, such transfer will only take place provided that the data controllers in Turkey and the relevant foreign country undertake and assume such protection in writing and with the permission of the Board.
RIGHTS OF THE DATA SUBJECT
The data subject has the right to be enlightened during the acquisition of personal data. This text was issued for enlightening the data subject.
In addition, the data subject has the following rights;
PERSONAL DATA PROTECTION, STORAGE, AND DESTRUCTION POLICY
The purpose of the Policy on the Protection of Personal Data is to determine the principles and rules to be followed during the personal data processing activities carried out by our Company in line with the above-mentioned purposes, to protect the fundamental rights and freedoms of individuals, especially the privacy of private life in the processing of personal data, and to provide the necessary transparency by informing the data subjects about such activities.
In general, data such as name, surname, date of birth, Republic of Turkey Identity Number, mobile phone number, and e-mail address of natural persons are included in the scope of personal data. However, in order for such data to be qualified as personal data, they must be associated with a natural person, in other words, personal data must enable the identification of the natural person. Such personal data is defined as general personal data in the policy on the protection of personal data.
Law No. 6698 adopts that some sensitive data are to be deemed as private personal data. Therefore, any personal data that is not within the scope of private personal data is considered general personal data by our company.
Private personal data are as follows; “Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, attire, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data”.
.
As a rule, our company does not process personal data without the explicit consent of the data subject. However, the explicit consent of the data subject is not sought in the following cases;
Private personal data are only processed with the explicit consent of the related individual or without the explicit consent of the related individual in cases stipulated by the laws.
.
Processing of personal data refers to all kinds of operations performed on the data by obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying, and preventing the use of them by fully or partially automatic or non-automatic means provided that they are parts of a data recording system. As a rule, our company processes personal data for its own activity. In this respect, our company takes the necessary security measures in line with the personal data processing purposes in accordance with the law and transfers the personal data and sensitive personal data of the personal data subject to third parties (Community Companies, business partners, shareholders, affiliates, insurance companies, public institutions and/or organizations and to third parties for the same purposes).
Our company maintains personal data for the period specified in the relative laws for the period of time specified in the law. If a period of time is not stated in the law about how long personal data should be maintained, personal data is processed for the period required to be processed in accordance with our Company's practices and commercial practices, depending on the activity carried out while processing that data. If you want your personal data to be deleted, destroyed, or anonymized, this request can be fulfilled by our Company at the end of the period determined by legal regulations; however, your personal data will not be processed and shared by our Company with third parties during this period except for sharing obligations arising from national and international laws, regulations and contracts.
In addition, personal data may be shared with our shareholders in order to determine the strategies related to the activities of our company and to carry out audit activities.
Our company will be able to transfer personal data abroad, provided that there is sufficient protection in accordance with this policy, and in the absence of sufficient protection, such transfer will only take place provided that the data controllers in Turkey and the relevant foreign country undertake and assume such protection in writing and with the permission of the Board.
It attaches importance to the confidentiality and security of Personal Data and takes legal, technical, and administrative measures to the extent required by the Law and relevant legislation to protect Personal Data.
Our company takes technical, legal, and administrative measures to prevent the illegal processing of, illegal access to personal data it has or will obtain, and to ensure the protection of personal data. Our company not only informs its employees about these matters but also takes special measures in the contracts it concludes or will conclude with its employees and other third parties.
Although our company takes the necessary measures, if the processed personal data are obtained by third parties illegally, the situation will be notified to you and the Personal Data Protection Board as soon as possible by our company.
In the event that all the conditions for processing personal data disappear, personal data will be destroyed by our company or upon the request of the data subject.
The destruction of personal data will be carried out by applying one of the methods of deletion, destruction, or anonymization.
Deletion of personal data is the process of making personal data inaccessible and non-reusable for relevant users.
Destruction of personal data is the process of making personal data inaccessible, unrecoverable, and unusable by anyone in any way.
Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even if they are matched with other data.
Our company records all transactions regarding the deletion, destruction, and anonymization of personal data, and these records are kept for at least three years.
Which personal data destruction method will be applied will be determined by our company upon request, provided that the reason is explained to the data subject.
The periodic destruction period of our company is 6 (six) months.
In addition, the data subject has the following rights;
The data subject may forward their requests to the following address, telephone number, or e-mail address, provided that they certify their identity;
Title:İkbal Lokantacılık Hizmet ve Gıda San Tic. A.ş.
Address:Organize Sanayi Bölgesi 1. Cadde 1. Sokak No: 19 AFYONKARAHİSAR
E-mail:lokantacilik@ikbal.com
TEL :+90 (272) 223 19 22
The requests of the data subject are fulfilled within a maximum of 30 (thirty) days and the necessary information is provided to the data subject free of charge. However, in case the process requires any additional cost, the fees specified by the Board may be requested.