POLIFONI INDUSTRY AND TRADE LIMITED COMPANY PERSONAL DATA PROTECTION AND PROCESSING POLICY
Document Name: Polifoni Industry and Trade Limited Company Personal Data Protection and Processing Policy
Prepared by: Polifoni Industry and Trade Limited Company
Approved by: Approved by the Senior Management of Polifoni Industry and Trade Limited Company.
This text may not be reproduced or distributed without the written permission of Polifoni Industry and Trade Limited Company.
INTRODUCTION
This Policy is prepared to set protocols regarding data retention and destruction activities. It outlines the principles that will be adopted and taken into consideration by Polifoni Industry and Trade Limited Company.
The Policy aims to define the framework and ensure the coordination of compliance activities to be carried out across the company to comply with the Personal Data Protection Law No. 6698, concerning the protection and processing of personal data.
Within this scope, the goal is to maintain the conduct of activities adopted since the establishment of Polifoni Industry and Trade Limited Company, in accordance with the principles of legality, integrity, and transparency. Our company will also establish the necessary structure, procedures, and processes in line with this goal and objective, and will implement necessary mechanisms to raise awareness among employees and business partners about compliance with the PDPL (Personal Data Protection Law).
SCOPE
This Policy relates to all personal data processed by automatic means or by non-automatic means, provided that it is a part of any data recording system, except for the personal data of our company's employees. Detailed information regarding the owners of these personal data can be found under the "Personal Data Owners" section of this Policy.
IMPLEMENTATION OF THE POLICY AND RELATED LEGISLATION
The relevant legal regulations in force regarding the processing and protection of personal data will primarily apply. In case of any inconsistency between the current legislation and the Policy, our company acknowledges that the applicable legislation will take precedence. The Policy concretizes the rules set out by the relevant legislation within the scope of company practices.
SECTION 1 - PURPOSE OF THE “PERSONAL DATA PROTECTION AND PROCESSING POLICY”
The Policy aims to ensure that the regulations important for compliance with the Personal Data Protection Law (KVKK) are carried out lawfully by Polifoni Industry and Trade Limited Company.
Within this scope, the Policy serves as a guide on how the Company will concretely implement the rules set out by the KVKK and related legislation. Accordingly, our Company will make necessary arrangements within its structure for compliance with the Policy and will ensure the continuity of compliance. In line with the principles outlined in the Policy, all necessary administrative and technical measures will be taken for the processing and protection of personal data, awareness among employees will be ensured, necessary compliance processes will be operated for new employees, and necessary notifications and warnings will be made on the subject.
SECTION 2 - PRINCIPLES RELATED TO THE PROCESSING OF PERSONAL DATA
Acting in accordance with the general principles for the processing of personal data within the scope of the KVKK is one of the important issues. Within this scope, our company acts in accordance with the following fundamental principles in line with the Constitution and the KVKK.
There are fundamental principles regarding the processing of personal data accepted in international documents and reflected in the practices of many countries. Article 4 of the Law regulates the procedures and principles for the processing of personal data in parallel with the Council of Europe Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data and the European Union Data Protection Directive 95/46/EC. Accordingly, the general principles listed in the Law for the processing of personal data are as follows:
Being in conformity with the law and good faith principles,
Being accurate and up-to-date when necessary,
Being processed for specified, explicit, and legitimate purposes,
Being relevant, limited, and proportionate to the purposes for which they are processed,
Being retained for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
Within our company, the fundamental principles listed above are at the core of all personal data processing activities, and all personal data processing activities are carried out in accordance with these principles.
CONDITIONS FOR THE PROCESSING OF PERSONAL DATA
In addition to the explicit consent of the personal data owner, the basis for the personal data processing activity may be one or more of the conditions specified below. If the processed data are special categories of personal data, the conditions under the title of this Policy ("Processing of Special Categories of Personal Data") will apply.
(i) Presence of the Personal Data Owner's Explicit Consent
One of the conditions for processing personal data is the explicit consent of the data owner. The explicit consent of the personal data owner must be disclosed regarding a specific subject, based on information, and with free will.
In the presence of the following conditions for processing personal data, personal data can be processed without the need for the explicit consent of the data owner.
(ii) Clearly Stipulated by the Law
If the personal data of the data owner is explicitly stipulated by the law, in other words, if there is an explicit provision in the relevant law regarding the processing of personal data, this condition for data processing will be deemed to exist.
(iii) Failure to Obtain the Data Owner’s Consent Due to Actual Impossibility
If it is necessary to process the personal data of a person who is unable to disclose their consent due to actual impossibility or whose consent cannot be validated, to protect the life or physical integrity of the person or another person, the personal data of the data owner can be processed.
(iv) Direct Relevance to the Establishment or Performance of a Contract
If the processing of personal data is necessary for the establishment or performance of a contract to which the data owner is a party, this condition will be deemed fulfilled.
(v) Compliance with the Company’s Legal Obligations
If it is mandatory to process personal data to fulfill the legal obligations of our Company, the personal data of the data owner can be processed.
(vi) Personal Data Made Public by the Data Owner
If the data owner has made their personal data public, the relevant personal data can be processed limited to the purpose of making it public.
(vii) Necessity of Data Processing for the Establishment or Protection of a Right
If the processing of data is necessary for the establishment, use, or protection of a right, the personal data of the data owner can be processed.
(viii) Necessity of Data Processing for the Legitimate Interests of Our Company
If data processing is necessary for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner can be processed.
PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA
Special categories of personal data are processed by our Company in accordance with the principles specified in this Policy, taking all necessary administrative and technical measures, including the methods determined by the Board, under the following conditions:
(i) Special categories of personal data other than those related to health and sexual life may be processed without the explicit consent of the data subject if explicitly stipulated by law, in other words, if there is an explicit provision in the relevant law regarding the processing of personal data. Otherwise, the explicit consent of the data subject will be obtained.
(ii) Special categories of personal data related to health and sexual life may be processed without the explicit consent of the data subject by persons or authorized institutions and organizations that are under the obligation of confidentiality, for the purpose of protecting public health, carrying out medical diagnosis, treatment, and care services, planning and managing health services and financing. Otherwise, the explicit consent of the data subject will be obtained.
SECTION – OBLIGATIONS REGARDING THE PROTECTION AND PROCESSING OF PERSONAL DATA
Obligation to Register with the Data Controllers' Registry
Before starting data processing, the Company must register with the Data Controllers' Registry within the period determined and announced by the Personal Data Protection Board. The following information must be provided during the registration application to the Data Controllers' Registry:
The identity and address information of the Company as the data controller and, if any, its representative.
The purposes for which personal data will be processed.
Explanations about the group or groups of persons subject to data and the data categories belonging to these persons.
The recipients or groups of recipients to whom personal data may be transferred.
Personal data envisaged to be transferred to foreign countries.
Measures taken regarding the security of personal data.
The maximum period necessary for the purposes for which personal data are processed.
Obligation to Conduct Personal Data Processing Activities in Compliance with Data Processing Conditions
Our Company must act in compliance with the data processing conditions specified in Articles 5 and 6 of the Personal Data Protection Law and the Regulation on the Processing of Personal Health Data, while conducting personal data processing activities, provided that it adheres to the fundamental principles. Accordingly, the Company must determine whether the data processing conditions exist for the personal data processing activities carried out and must not carry out personal data processing activities if these conditions are not met.
Our Company must establish the necessary mechanisms within its internal systems for the lawful processing of personal data, create internal awareness regarding the protection of personal data, and operate necessary audit mechanisms.
Within the scope of personal data processing, our Company must comply with the rules set forth primarily by the Constitution of the Republic of Turkey, the Turkish Penal Code, the Personal Data Protection Law, and other relevant legislation, as well as the Personal Data Protection Policy of Öztaş Livestock Food Products Construction Transportation Industry and Trade Limited Company.
Obligation to Inform the Data Subject
During the acquisition of personal data, the data subject must be informed about the following:
The identity of the Company as the data controller and, if any, its representative,
The purposes for which personal data will be processed,
To whom and for what purposes personal data may be transferred,
The method and legal reasons for collecting personal data.
RIGHTS OF THE PERSONAL DATA SUBJECT
The personal data subject has the following rights:
To learn whether personal data is being processed,
To request information if personal data has been processed,
To learn the purpose of processing personal data and whether it is being used in accordance with its purpose,
To know the third parties to whom personal data is transferred,
To request the correction of incomplete or inaccurate data and the deletion of personal data under certain conditions, and to request that these requests be communicated to third parties,
To object to any result arising against themselves through the exclusive analysis of processed data by automated systems,
To demand compensation for damages if personal data is processed unlawfully.
In this context, the Company must identify personal data collection channels to fulfill the obligation to inform and should inform the data subject with information points and texts in accordance with the scope and conditions required by the Personal Data Protection Law (KVKK). Processes should be designed accordingly.
Obligation to Ensure the Security of Personal Data
In accordance with Article 12 of the Personal Data Protection Law, and with an awareness of the importance of ensuring the security of personal data and protecting the fundamental rights and freedoms of data subjects:
Prevent unlawful processing of personal data,
Prevent unlawful access to personal data,
Ensure the preservation of personal data,
The Company must take all necessary technical and administrative measures to ensure an appropriate level of security.
Companies are also obliged to carry out or have carried out the necessary audits within the scope of ensuring data security.
Obligation to Comply with Decisions Made by the Personal Data Protection Board
The Company must act in accordance with the decisions made by the Personal Data Protection Board, which operates as the executive body of the Personal Data Protection Authority, to ensure that personal data is processed in compliance with fundamental rights and freedoms.
Obligation to Respond to Data Subject Requests
As a data controller, Öztaş must conclude the requests of data subjects regarding their personal data as soon as possible and within thirty (30) days at the latest, in accordance with Article 13 of the Personal Data Protection Law. Data subjects must make their requests regarding their personal data in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.
Pursuant to Article 11 of the Personal Data Protection Law, personal data subjects may request the following from data controllers:
To learn whether their personal data is processed,
To request information if their personal data has been processed,
To learn the purpose of processing their personal data and whether it is used in accordance with its purpose,
To know the third parties to whom their personal data is transferred within the country or abroad,
To request the correction of incomplete or inaccurate data and to request that this be communicated to third parties,
Despite being processed in accordance with the Personal Data Protection Law and other relevant laws, to request the deletion, destruction, or anonymization of personal data in the event that the reasons requiring processing no longer exist, and to request that this be communicated to third parties,
To object to any result arising against themselves through the exclusive analysis of processed data by automated systems,
To demand compensation for damages if personal data is processed unlawfully.
Obligation to Lawfully Transfer and Obtain Personal Data
In accordance with Article 4 of the Personal Data Protection Law, our Company must process personal data in a lawful and honest manner. In this context, the activities of obtaining and transferring personal data must also be carried out lawfully.
Obligation to Comply with Regulations on the Retention of Personal Data
In accordance with Article 7 of the Personal Data Protection Law, our Company must establish the necessary internal systems for the deletion, anonymization, or destruction of personal data, which must be done even if the personal data has been processed lawfully, but the reasons for processing no longer exist. These systems consist of methods that the company can choose according to the situation, as stated in the destruction policy. In addition to the reliable storage of personal data, another important factor is the lawful anonymization, destruction, or deletion of data. Therefore, there is an obligation to act in accordance with the law.
SECTION 1 - FUNDAMENTAL ISSUES TO BE IMPLEMENTED BY THE COMPANY FOR COMPLIANCE WITH THE POLIFONI INDUSTRY AND TRADE LIMITED COMPANY DATA PROTECTION POLICY AND THE PERSONAL DATA PROTECTION LAW
Öztaş Livestock Food Products Construction Transportation Industry and Trade Limited Company has established criteria that must be followed for compliance with the Personal Data Protection Law and the guiding Öztaş Livestock Food Products Construction Transportation Industry and Trade Limited Company Data Protection Policy. The compliance steps determined within this scope are as follows:
FULFILLING THE OBLIGATIONS EXPLAINED IN THE POLIFONI INDUSTRY AND TRADE LIMITED COMPANY DATA PROTECTION POLICY
Polifoni Industry and Trade Limited Company must act in accordance with the fundamental obligations explained under the heading "Obligations Regarding the Protection and Processing of Personal Data" in the Polifoni Industry and Trade Limited Company Data Protection Policy.
CREATING POLICIES FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA
The Company must create a Data Protection and Processing Policy by taking into account its own operations and the regulations foreseen in the Personal Data Protection Law. This policy addresses this issue. The language of the policy to be created should be simple and understandable by data subjects.
PREPARING POLICIES, PROCEDURES, AND GUIDELINES REGARDING THE PROTECTION AND PROCESSING OF PERSONAL DATA
To ensure compliance with data protection laws, the necessary documents must be prepared for use within the company or to be presented to the authority. Changes to the policies to be made public by our Company must be presented in a way that data subjects can easily access.
CREATING A POLICY FOR THE RETENTION AND DESTRUCTION OF PERSONAL DATA
Retention of Personal Data
Our company retains personal data for the necessary duration related to their processing purposes and for the minimum period stipulated by the relevant legal regulations. In this regard, our company first determines whether a retention period is specified in the relevant regulations. If a period is set, it is followed, and a policy is prepared accordingly. If there is no legal retention period, personal data is retained for the necessary duration related to its processing purpose. At the end of the determined retention periods, personal data is destroyed in accordance with periodic destruction schedules or upon the data subject's request and using the specified destruction methods (deletion and/or destruction and/or anonymization).
Categories of Personal Data and Descriptions
Customer: Individuals who use or have used the products and services offered by our company, regardless of whether they have any contractual relationship with the company.
Potential Customer: Individuals who have expressed interest or requested our products and services, evaluated based on commercial practice and principles of honesty.
Visitor: Individuals who have entered our company's physical premises for various purposes or visited our websites.
Third Party: Individuals associated with third parties who are involved with the company to ensure the security of commercial transactions or to protect the rights and interests of the mentioned parties (e.g., family members and close contacts).
Job Applicant: Individuals who have applied for a job with us through any means or have opened their resumes and related information for our company's review.
Shareholder: Individuals who are shareholders of our company.
Company Official: Members of our company's board of directors and other authorized individuals.
Employees, Shareholders, and Officials of Partner Institutions: Individuals working at institutions with which we have business relationships (such as partners, dealers, authorized services, suppliers, etc.), including shareholders and officials of these institutions.
Categories of Personal Data and Descriptions
Identity Information: Data related to a person's identity, including name, surname, T.C. ID number, nationality, mother’s name, father’s name, place of birth, date of birth, gender, and documents such as driver’s license, ID card, and passport, as well as tax number, SGK number, vehicle license plate, etc.
Contact Information: Phone number, address, email, fax number.
Location Data: Information identifying the location of the personal data owner during the use of our products and services or while using our company’s vehicles by employees of partner institutions.
Customer Information: Information obtained and produced about individuals as a result of our commercial activities and operations carried out by our business units.
Family and Close Contact Information: Information about the data owner’s family members and close contacts collected in relation to our company's operations or for the protection of the company's and the data owner's legal and other interests.
Customer Transaction Information: Information clearly indicating that it belongs to an identifiable or identifiable natural person, recorded in the data recording system, including records of the use of our products and services and instructions and requests necessary for the use of these products and services.
Physical Space Security Information: Personal data recorded during entrance to physical spaces, during stay within the space, and related to records and documents such as camera recordings, fingerprint records, and security checkpoint records.
Operational Security Information: Personal data processed to ensure our technical, administrative, legal, and commercial security during the execution of our commercial activities (e.g., log records).
Risk Management Information: Personal data processed through methods used in accordance with generally accepted legal, commercial practice, and principles of honesty to manage our commercial, technical, and administrative risks.
Financial Information: Personal data processed either fully or partially automatically or manually as part of the data recording system, showing financial results created according to the type of legal relationship between our company and the data owner, including bank account numbers, IBAN numbers, credit card information, financial profiles, asset data, income information, etc.
Personal Information: Any personal data processed to establish the rights of individuals working with our company.
Job Applicant Information: Personal data processed regarding individuals who have applied to work with our company or have been evaluated as job candidates in accordance with commercial practice and principles of honesty.
Special Category Personal Data: Data related to individuals' race, ethnicity, political opinions, philosophical beliefs, religion, sect, or other beliefs, appearance, membership in associations, foundations, or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.
Request/Complaint Management Information: Personal data related to receiving and evaluating any requests or complaints directed to our company.
Audit Information: Personal data processed during internal or external audit activities to ensure compliance with legal obligations and company policies.
Legal Proceedings and Compliance: Personal data processed for determining, tracking legal claims and rights, fulfilling our legal obligations, and ensuring compliance with company policies.
Exercising Rights by Personal Data Owners
Personal data owners can submit their requests related to their rights ("Rights of Personal Data Owners") to our company using the methods determined by the Board. Accordingly, a Data Subject Application Form may be requested from the company.
In accordance with Article 13 of the Law, the company will conclude requests free of charge within the shortest time possible and no later than 30 (thirty) days, depending on the nature of the request. If the request is denied, the reasons for the denial will be provided in writing or electronically. If the process incurs costs, the tariff set by the Personal Data Protection Board will be applied.
You can contact us for application, or you can apply in person to the company address.
________________________________________________________________________
POLIFONİ INDUSTRY AND TRADE LIMITED COMPANY WEBSITE PRIVACY AND COOKIE POLICY
Polifoni Industry and Trade Limited Company (“Polifoni” or “Company”) is committed to protecting the privacy of individuals (“Data Subjects”) who visit its website.
PROCESSING OF PERSONAL DATA OF DATA SUBJECTS
Personal data collected during your visit to our website may be processed by the Company, as the data controller, in accordance with the Law No. 6698 on the Protection of Personal Data (“Law”) within the scope described below. Detailed information regarding the processing of your personal data can be found in the Polifoni Industry and Trade Limited Company Personal Data Protection and Processing Policy.
PARTIES TO WHOM YOUR PERSONAL DATA IS TRANSFERRED AND PURPOSE OF TRANSFER
Personal data obtained as a result of your visit to our website may be transferred to third parties in accordance with the purposes of processing your personal data and within the conditions and purposes specified in Articles 8 and 9 of the KVK Law.
METHOD AND LEGAL BASIS OF COLLECTION OF YOUR PERSONAL DATA
Any information that identifies or makes you identifiable is considered “personal data.” During your visit to our website, your personal data is collected through technical communication files known as cookies, in compliance with the data processing conditions outlined in the Law.
RIGHTS OF DATA SUBJECTS
As a data subject, you have the following rights under Article 11 of the Law:
To learn whether your personal data is being processed,
To request information if your personal data has been processed,
To learn the purpose of processing your personal data and whether it is used for its intended purpose,
To know the third parties, both domestic and international, to whom your personal data is transferred,
To request the deletion or destruction of personal data when the reasons requiring its processing no longer exist, even if it has been processed in compliance with the Law and relevant regulations, and to request notification of such action to third parties to whom your personal data has been transferred,
To object to any result that may be produced against you by exclusively automated processing of your data,
To request compensation for damages incurred due to unlawful processing of your personal data.
You can submit your requests regarding the above rights by filling out the Polifoni Industry and Trade Limited Company Data Subject Application Form, which you can obtain from the Data Subject Application Form. Your applications will be responded to free of charge within the shortest time and within thirty days at most; however, if the process incurs additional costs, a fee may be charged according to the tariff determined by the Personal Data Protection Board.
COOKIE POLICY
We use cookies to ensure you get the most out of our website and to enhance your user experience. If you prefer not to use cookies, you can delete or block cookies through your browser settings. By continuing to use this site without changing your cookie settings, you consent to our use of cookies.
WHAT ARE COOKIES AND WHY ARE THEY USED?
Cookies are small text files stored on your device or network server through browsers by websites you visit.
The primary purposes for using cookies on our website are:
To enhance the functionality and performance of the website, improving the services offered to you,
To improve the website and provide new features, and to personalize the features according to your preferences,
To ensure the legal and commercial security of both you and the Company.
TYPES OF COOKIES USED ON OUR WEBSITE
Technical Cookies: These cookies ensure the functionality of the website and help identify non-functioning pages and areas.
Flash Cookies: These are used to enable multimedia content such as images or audio on the website.
Authentication Cookies: These cookies remember your preferences across different pages of the website, such as language settings.
Analytical Cookies: Analytical cookies provide information on the number of visitors, pages viewed on the website, visit times, and scrolling actions.
CAN YOU PERSONALIZE YOUR COOKIE PREFERENCES?
Yes, you can personalize your cookie preferences by adjusting your browser settings.
Adobe Analytics: http://www.adobe.com/uk/privacy/opt-out.html
AOL: Clear Cookies, Enable Cookies
Google Adwords: https://support.google.com/ads/answer/2662922?hl=en
Google Analytics: https://tools.google.com/dlpage/gaoptout
Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies
Opera: http://www.opera.com/browser/tutorials/security/privacy/
Safari: https://support.apple.com/kb/ph19214?locale=tr_TR