A.OBJECTIVE
Protecting the personal data of employees, customers, potential customers, company officials, visitors, and the parties and institutions with whom they collaborate is critical for the data controller, IZOPAR TRAFO VE İZOLASYON SAN. VE TİC.LTD. ŞTİ.
The procedure managed and the objective to be accomplished with this Policy and other written policies within IZOPAR for the personal data processing and protecting processes is to process and protect the personal data of customers, potential customers, employees, employee candidates, visitors, and the employees of the institutions with which we collaborate and third parties, in accordance with the law.
With this Policy, our company establishes and implements the fundamental rules for the processing of personal data.
SCOPE
The fundamental purpose of this Policy is to inform our employees, customers, potential customers, employee candidates, employees of the institutions with which we collaborate, and other persons whose data is processed, about the personal data processing activities carried out in accordance with the law and the systems in place to protect personal data, the Company's data processing systems, the measures within this scope, the rights of the data owners, and the data owners' rights.
This Policy includes all the personal data of employees, customers, potential customers, employee candidates, visitors, company authorities, employees of the institutions with which we collaborate, and third persons whose data is processed by us, which are automatic or non-automatic, via being a part of the data recording system.
If there is a conflict between the current legislation and the Policy, the provisions of the legislation will be implemented first. In cases where there is a policy or legislation constituted for special purposes other than this fundamental Policy, the articles containing special provisions are primarily implemented. The provisions of other policies and documents contradicting this Policy and relevant legislation are not implemented.
1.PDP Law: Personal Data Protection Law No. 6698 dated March 24, 2016, published in the Official Gazette dated April 7, 2016, numbered 29677.
2.Constitution: Constitution of Republic of Türkiye dated November 7, 1982, numbered 2709, published in the Official Gazette dated November 9, 1982, numbered 17863.
3.PDP Board: Personal Data Protection Board
4.Policy: İZOPAR TRAFO VE İZOLASYON SAN. VE TİC. LTD. ŞTİ. The Policy of Personal Data Processing and Protection
5.Company: İZOPAR TRAFO VE İZOLASYON SAN. VE TİC. LTD. ŞTİ.
6.Turkish Penal Code: Turkish Penal Code No. 5237 dated September 26, 2004, published in the Official Gazette dated October 12, 2004, numbered 25611.
7.Explicit Consent: Consent about a specific subject based on the information and expressed in free will.
8.Anonymization: To process personal data so that it cannot be associated with an identified or identifiable natural person under any circumstances, to change the personal data so that it loses its personal data quality, and to make this situation irreversible.
9.Personal Data Owner: Natural person whose data are processed.
10.Personal Data: Any information related to the identified or identifiable natural person. Therefore, the processing of data relating to legal persons is not within the scope of the Law.
11.Sensitive Personal Data: Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, the appearance of someone, membership of associations, foundations or trade unions, health, sexual life, criminal conviction, and security measures related data, and biometric and genetic data are sensitive personal data.
12.Processing of Personal Data: All kinds of processes performed on personal data including obtaining, recording, storing, keeping, changing, re-arranging, disclosure, transmission, acquisition, making available, classification or prevention of use in whole or in part, automatically or in non-automatic ways, being part of any data recording system.
13.Data Processor: Data processor is the natural or legal entity that processes personal data on the data supervisor's behalf and on the basis of the authority authorized by the data controller.
14.Data Controller: The natural or legal person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system) is a data controller.
General Manager, Production Manager, Quality Management Representative, Accounting Supervisor
•Our company takes the necessary steps to ensure that the processed personal data is accurate and up-to-date, taking into account fundamental rights and its own interests.
•Our company only processes personal data for certain, legitimate, and legal purposes. Our company formulates the purposes for personal data processing prior to the data processing activity and announces these purposes to data owners during the personal data collection process. If the purposes for which our company processes personal data change, the Policy is revised, and every attempt is taken to notify data owners via several channels.
•Personal data are only processed to achieve the purposes determined by our COMPANY, and data processing that is unrelated to achieving the purpose is avoided. Only the data needed to achieve the specified objectives are collected from data owners.
•Our company stores personal data only for the time specified by legislation or for the duration required for the relevant purpose. Within this scope, if a period is specified in the legislation for personal data storage, our Company stores personal data for the duration of that time period. If a period is not specified in the legislation and there is no legal reason to store the data for a longer period of time, the Company stores the data for the time period required for the purpose for which the data is processed. At the end of the period or when the reasons for processing no longer exist, the Company deletes, destroys, or anonymizes personal data.
The purposes for which our Company may process the data owners' personal information are listed below in general. These purposes may change over time.
•To plan and conduct the necessary operational activities to ensure that our Company's activities are conducted in accordance with the company procedures or the relevant legislation
•To plan and conduct business activities
•To plan and conduct institution management activities
•To plan and conduct the activities to ensure business continuity
•To plan and conduct the human resources processes and needs
•To plan and conduct the sales and marketing activities for the products and services
•To plan and conduct the sales processes for the products and services
•Post-sale support services
•To plan and conduct the customer relationship management processes
•To monitor customer demands and/or complaints
•To plan or monitor customer satisfaction processes
•To monitor agreement processes and/or legal demands
•To monitor finance and/or accounting activities
•To manage wage
•To plan and conduct company audit activities
•To inform authorized persons and/or institutions about the legislation
•To monitor legal works
•To plan and conduct corporate communication activities
•To plan and conduct supplier and or business partner management processes
•To conduct the processes regarding staff recruitment
•To fulfill the obligations arising from the legislation
•To plan and conduct the fringe benefits and interests for the employees
•To plan and conduct the employees' performance assessment processes
•To monitor or audit the employees' business activities
•To plan and conduct onsite and offsite training activities
•To plan and conduct the processes for employee satisfaction or commitment
•To plan and conduct the emergency management processes
•To ensure the safety of the company compound, equipment, and resources
These purposes may require explicit consent, according to the concrete case's features. The process of obtaining the explicit consent of the personal data owners is applied in this situation. If the personal data owner does not give explicit consent, the data of the relevant person can only be processed within the scope of the conditions where personal data can be processed without obtaining explicit consent, and for purposes in accordance with these conditions.
Our Company is storing the personal data for the period specified in this legislation if stated in relevant laws and legislations.
If a period for personal data storage time is not specified in the legislation, the data is processed for the period that requires processing in accordance with the Company's practices, the practices of commercial life, depending on the activity conducted while processing these data, and then deleted, destroyed, or anonymized.
This Policy issued by our Company is dated March 03, 2019.