Protection of Personal Data

BİLGİÇLER YAPI İNŞAAT LTD. ŞTİ.

PROTECTION AND PROCESSING OF PERSONAL DATA POLICY

VERSION 2.0 – 23.09.2020

CONTENTS

  1. PURPOSE AND SCOPE OF THE POLIC
  2.  DEFINITIONS

 

  • PRINCIPLES OF PROCESSING PERSONAL DATA
    1. CONDITIONS FOR PROCESSING PERSONAL DATA AND EXCEPTIONAL CASES
    2. CLASSIFICATION OF PERSONAL DATA
    3. ENSURING THE SECURITY OF PERSONAL DATA
  • Processing Purposes of Personal Data:1. In Terms of Personal Data of Customers, Prospective Customers, and Business Partners
    2. In Terms of the Security Camera Application in the Workplace
    3. In Terms of Personal Data of Job Applicants
    4. In Terms of Personal Data of Employees
    5. In Terms of Personal Data of Subcontractors
  • TRANSFER OF PERSONAL DATA DOMESTICALLY AND ABROAD
    1. DESTRUCTION OF PERSONAL DATA
    2. RIGHTS OF THE DATA SUBJECT
    3. CLOSING PROVISIONS
  1. PURPOSE AND SCOPE OF THE POLICY

In order to comply with the Law on the Protection of Personal Data numbered 6698 (“KVKK”) published in the Official Gazette dated 07.04.2016 and numbered 29677, and relevant legal regulations, the procedures and principles adopted and applied by our Company, within the scope of the data controller’s obligation to inform, are regulated by this Policy.

Regarding your personal data processed within our Company; your processed personal data, principles of personal data processing, purposes and conditions of personal data processing, transfer of your personal data domestically and abroad, destruction of your personal data, and the practices and principles regarding your rights over the processed personal data are hereby notified to you as follows.

Bilgiçler Yapı İnşaat Ltd. Şti. (Hereinafter referred to as “Bilgiçler”), will comply with the KVKK and other relevant regulations, and will act in accordance with the procedures and processes specified in this Policy in terms of processing, using, destroying, transferring, and other matters related to your personal data, in order to ensure the compliance of your personal data processing with the Law and other regulations.

  1. DEFINITIONS
Explicit Consent: Informed consent, based on information about a specific subject and voluntarily provided with free will.
Anonymization: The anonymization of personal data to a degree where it cannot be associated with an identified or identifiable natural person by any means, even when combined with other data.
Personal Data: Any kind of information relating to an identified or identifiable natural person.
Processing of Personal Data: Any operation performed on personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data Subject: The natural person whose personal data is being processed.
Special Category Personal Data: Information regarding individuals’ race, ethnic origin, political opinions, philosophical beliefs, religion, sect, or other beliefs, appearance, association, foundation, or union membership, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data, are considered as special categories of personal data.
Data Processor: Data processor is the natural or legal person who processes personal data on behalf of the data controller based on the authorization given by the data controller.
Data Controller: The data controller is the natural or legal person responsible for determining the purposes and means of processing personal data, as well as for establishing and managing the data recording system.

PRINCIPLES OF PROCESSING PERSONAL DATA

Our company conducts its personal data processing activities within the framework of the principles and rules regulating the processing of personal data, as specified in Article 4 of the KVKK.

1. Compliance with the Law and Fairness

Our company processes your personal data in compliance with the KVKK and other mandatory laws and regulations applicable to the relevant business.

2. Accuracy and Timeliness

Our company ensures that the personal data provided by the data subject is not altered without authorization and is kept up-to-date. In case of any changes to the processed data, necessary actions are taken to update the personal data upon request of the data subject.

3. Processing for Specified, Explicit, and Legitimate Purposes

The personal data processed by our company is processed in accordance with the purposes notified to you and within the notified framework.

4.Relevance, Limitation, and Proportionality to the Purpose of Processing

Our company does not process personal data that is not relevant to its activities, not required within the scope of its activities, or exceeds the purpose of processing.

5.Retention for the Period Stipulated by Relevant Legislation or Required for the Purpose of Processing

Your data processed within the framework of the KVKK and other related laws and regulations are retained for the periods stipulated by the relevant legislation or for the time required for the purpose of processing the personal data, depending on the nature of the processed personal data.

  1. CONDITIONS FOR PROCESSING PERSONAL DATA AND EXCEPTIONAL CIRCUMSTANCESPersonal data of general nature to be processed within the scope of the Company’s activities;

    a) With the explicit consent of the data subject, or
    b) Clearly stipulated in the laws, or
    c) In cases where the consent cannot be obtained due to actual impossibility or the consent of the data subject or another person is not legally valid, and it is necessary for the protection of the life or physical integrity of the data subject or another person,
    d) Provided that it is directly related to the establishment or performance of a contract, the processing of personal data belonging to the parties to the contract is necessary,
    e) Necessary for the data controller to fulfill its legal obligation,
    f) Already made public by the data subject,
    g) Necessary for the establishment, exercise, or protection of a right,
    h) If one of the necessary conditions for processing personal data without the explicit consent of the data subject for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

-Special categories of personal data to be processed within the scope of the company’s activities;

a) It shall not be processed without the explicit consent of the data subject,
b) Except for special categories of personal data relating to health and sexual life, it may be processed without the explicit consent of the data subject in cases stipulated by laws,
c) Special categories of personal data related to health and sexual life may be processed without the explicit consent of the data subject for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and their financing.

  1. KİŞİSEL VERİ TASNİFİ
Identity Information: The information written on your identity card; name, surname, mother’s name, father’s name, place of birth, date of birth, marital status, religion, blood type, registered city, district, and neighborhood, and any other information written on your identity card.
Contact Information: The contact information requested from you or provided by you for communication purposes with your side; such as home phone number, mobile phone number, residential address or other address information, email address.
Personal Information – Photocopy of the ID card,
– Certificate of registry of population records,
– Residence Certificate,
– Health report,
– Photocopy of diploma,
– Criminal record,
– Passport-sized photograph,
– Document indicating family status,
– Military service certificate,
– Employment Contract / Service Contract,
– SGK (Social Security Institution) employment declaration,
– Your criminal record (your criminal record),
– Information and documents regarding your health status / Health report for heavy and hazardous works,
– Blood type card,
– Bank account statement,
– Spouse and children’s ID photocopies,
– İŞKUR (Turkish Employment Agency) registration card.
Bank Account Information   Bank account number, IBAN number, credit card and bank card-related other information.
Resume Information  

Your educational information stated in your resume document or requested by our Company, or provided by you, such as education details, school information, certificate details, education status, and information about your trainings,

Location, date, and duration information about your work experiences stated in your resume document or requested by our Company, or provided by you, details about your previous jobs and positions, and any other information related to your work experiences,

Your photograph stated in your resume document or requested by our Company, or provided by you,

Your driver’s license and the information written on your driver’s license, stated in your resume document or requested by our Company, or provided by you,

Your references stated in your resume document or requested by our Company, or provided by you, and information related to your references.

  • Ensuring the Security of Personal Data

As Bilgiçler, we implement the necessary technical and administrative measures within the framework of required technological infrastructure to ensure the security of your personal data processed within the scope of company activities in compliance with the Personal Data Protection Law (KVKK) and relevant legislation; in this regard, we take preventive measures against data breaches, unauthorized access, data loss, unauthorized alteration of data, and other threats by conducting necessary audits.

In this context, we identify existing risks and threats, raise awareness among our employees through training and awareness campaigns, establish policies and procedures regarding personal data security, ensure data minimization, formulate necessary confidentiality agreements with data processors; utilize security firewalls and up-to-date antivirus programs for cyber security, configure our existing software and hardware, perform software updates and audits; ensure the security of physical and electronic environments containing personal data, and take necessary measures to prevent unauthorized access to your data through key management, access logs, user account management, penetration testing, and encryption methods.

  • Purposes of Processing Personal DataYour personal data is processed for the purposes of conducting company activities and fulfilling legal obligations, limited to these purposes.

In this regard,

Regarding Personal Data of Customers, Potential Customers, and Business and Solution Partners:
– To provide more effective services with our suppliers and business partners; to conduct legal and financial processes,
– Ensuring workplace security, commercial security, and economic security,
– To allow authorized private legal entities and individuals to audit the compliance of business activities conducted by our company within the scope of audits,
– Posting visuals on corporate social media accounts regarding our company’s organization and other activities,
– Execution of necessary workflow processes by relevant departments of our company for the fulfillment and improvement of the service provided by our company,
– Sending electronic commercial messages for campaigns/promotions/information/product and/or service promotion/advertising purposes in accordance with the Law on Regulation of Electronic Commerce No. 6563 and the Regulation on Commercial Communication and Commercial Electronic Messages,
– Sending messages for celebration and well-wishing purposes,
– Presentation and newsletter sharing,
– Identity information, contact information, financial identity information, and other personal data provided to us and/or requested by us for the purpose of fulfilling obligations arising from relevant laws and contracts may be processed in electronic and physical environments.

  1. Regarding the Security Camera Application in the Workplace:
    Within Bilgiçler, monitoring is conducted with security cameras at the entrance of the workplace, in compliance with the Occupational Health and Safety Law No. 6331, Labor Law No. 4857, and related secondary legislation, for the purpose of ensuring the safety of employees’ lives and property and maintaining workplace security. In the monitored area, a notification indicating that monitoring is in progress is provided. The positioning of the security cameras is conducted with consideration for the proportionality limit within the framework of ensuring workplace security and the legitimate interests of the employer.
  2. Regarding Personal Data of Job Applicants:– Sending job applications and resumes to the relevant department for suitability checks and proceeding to the interview process.
    – Assessment and examination of whether you meet the necessary qualifications and requirements for the position you applied for during the job application process, at the time of application, and throughout the application period.
    – Contacting your references and obtaining references about you.
    – Placing you in a position within the company if the job interview results in a positive outcome.
    – Informing you about job opportunities within the company and conducting necessary evaluations if the job interview results in a negative outcome, for potential placement in an appropriate position when a vacancy arises.

    For these purposes and methods, the personal data of job applicants, including resume information, identity information, contact information, and other personal data, are processed.

    3.Regarding Personal Data of Employees:
    – Ensuring internal order, workplace peace, and security.
    – Processing personal data of employees for the purpose of fulfilling legal obligations such as creating and storing personnel files, and sharing them with auditing public institutions and authorized private legal entities during workplace inspections.
    – Utilizing appropriate programs approved by the company for conducting commercial and other activities.
    – Displaying visuals on corporate social media accounts regarding the company’s organization and other activities.
    – Using methods such as electronic surveillance to determine entry and exit times for ensuring workplace and employee safety and protecting life and property, within the framework of the employer’s legitimate interests and in a proportionate manner.
    – Sharing employees’ personal data with private insurance companies in case of obtaining private health insurance or establishing other rights.
    – Sharing personal data of employees with customers upon their request for the temporary provision of services within the relevant customer’s organization during maintenance/repair services provided to customers.
    – Organizing events such as fairs, seminars, training, conferences, trips, social activities, accommodation, and transportation services by the company or on behalf of the company by third parties for which necessary arrangements are made, visa procedures are carried out, notifications about company developments are provided, contact is made with employees and their families when necessary, motivation-based rewards (such as gifts, promotions) are made, and personal data of employees are recorded and transferred to third parties domestically or internationally for the promotion and advertising of company activities.
    – Transferring relevant personal data of employees to third parties with whom the company has a contractual relationship for the performance of service provisions to employees.
    – Processing general and special personal data of employees within the scope of documents and records that need to be preserved within the scope of OHS activities, and sharing them with the workplace physician and OHS Specialist.
    – Keeping records of GSM lines, credit cards, or vehicles allocated to employees within the scope of the employer’s management rights.
    – Sharing personal information about employees who will use the vehicles with companies contracted for car rental purposes.
    – Keeping records of fuel consumption and HGS information for vehicles allocated to employees by the company for the performance of work duties, depending on the nature of the task performed.
    – Storing email correspondence conducted through the corporate email account allocated to the employee in a cloud system located abroad, along with email files.

    For these purposes and methods, personal data of employees including identity information, resume information, personnel information, health information, bank account information, contact information, and other personal data may be processed in electronic and physical environments.

    4. Regarding Personal Data of Contractors:

    – Processing personal data of contractors for the purpose of fulfilling legal obligations such as creating and storing personnel files, and sharing them with auditing public institutions and authorized private legal entities during workplace inspections.
    – Processing general and special personal data of contractors within the scope of documents and records that need to be preserved within the scope of OHS activities, and sharing them with workplace physicians and health officers.
    – Using methods such as electronic surveillance to determine entry and exit times of contractors for ensuring workplace and employee safety and protecting life and property, within the framework of the company’s legitimate interests and in a proportionate manner.
    – For these purposes and methods, personal data of contractors including identity information, personnel information, bank account information, contact information, communication information, health information, education information, and other personal data may be processed.

Transfer of Personal Data Domestically and Internationally:

Your personal data;

May be transferred to third parties from time to time for the purpose of improving the efficiency of our company and developing employment policies, and to ensure sustainability.

For the management and administration of company operations, implementation of company policies, and efficient management of workflow, your personal data may be transferred to databases, Microsoft Office applications, cloud solutions, SAP applications, and backup systems located abroad.

Additionally, your personal data may be transferred to business partners, suppliers, and third parties providing services within the scope of company activities for the provision of products and services.

Upon request or when necessary, your personal data may be shared with enforcement offices or courts (at all levels and stages).

  1. PERSONAL DATA ERASURE

    Personal data processed within the scope of our company’s activities is stored for the duration necessary to achieve the processing purpose and during the storage period prescribed by relevant legislation.

    Data that has lost its function, reached the end of its storage period, or is requested to be erased by the data subject within the framework of the legislation, is destroyed using the appropriate method among the methods of erasure, destruction, or anonymization of personal data listed in Article 7 of the KVKK.

    Erasure of personal data refers to rendering personal data inaccessible and unusable for relevant users.

    Destruction of personal data refers to making personal data inaccessible, irretrievable, and unusable by anyone.

    Anonymization of personal data refers to making personal data unidentifiable or unable to be associated with an identifiable individual, even if matched with other data.

  1. DATA SUBJECT RIGHTS

    As the data subject whose personal data is processed within the scope of our company’s activities, you have the rights listed in Article 11 of the KVKK. You can apply to our company to:

    a) Learn whether your personal data is being processed,
    b) Request information if your personal data has been processed,
    c) Learn the purpose of processing personal data and whether they are used in accordance with their purpose,
    d) Know the third parties to whom personal data is transferred, whether domestically or internationally,
    e) Request correction of your personal data if it is incomplete or inaccurately processed,
    f) Request the deletion or destruction of personal data within the framework of the conditions specified in Article 7 of the KVKK,
    g) Request notification of the operations carried out pursuant to paragraphs (d) and (e) to third parties to whom personal data has been transferred,
    h) Object to the occurrence of a result against the data subject by exclusively analyzing the processed data through automatic systems,
    i) Demand compensation for damages in case of personal data being processed unlawfully.

  1. CLOSING PROVISIONS

    If you exercise your rights as stated above and make an application to our Company regarding the matters mentioned above, your requests in your application will be concluded free of charge within thirty (30) business days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost for the Company, a fee may be requested according to the tariff determined by the Personal Data Protection Board.

    For matters related to the processing of your personal data, you need to fill out and sign the application form available on the Company’s website and submit it to our Company in person by proving your identity.

Bilgiçler Construction Co. Ltd. Contact Information

Head Office Address: Adnan Kahveci, İnönü Cd. No:101, 34528 Beylikdüzü Osb/Beylikdüzü/İstanbul

Head Office Phone Number: 0212 855 73 73

Contact Email Address: info@aktimticaretmerkezi.com.tr

Website for Communication: https://bilgicleryapi.com.tr/

We value the protection of your personal data and request your explicit consent to process it. You can access the Information Notice for comprehensive information via the link. Information Notice