As PIMSER (“Company” and “Company”), within the scope of the Law on the Protection of Personal Data No. 6698 (“Law”), processing and protecting personal data in accordance with the law is among our top priorities. We follow the same priority in all our planning and business activities. In this context, to enlighten you in accordance with Article 10 of the Law; We present this Personal Data Processing and Protection Policy (“Policy”) to your information in order to inform all the administrative and technical measures we will implement within the scope of processing and protection of personal data.
This policy; determines the conditions for the processing of personal data and sets out the principles adopted by the Company in the processing of personal data. In this context, the Policy; It covers all personal data processing activities carried out by the company within the scope of the Law, all personal data processed and the owners of this data.
3. DEFINITIONS AND ABBREVIATIONS
Consent on a particular subject, based on information and expressed with free will.
Making the data previously associated with a person incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching them with other data.
Real persons who do not work within the company but are in the status of employee candidate.
Any information relating to an identified or identifiable natural person.
The natural person whose personal data is processed.
Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data in whole or in part by automatic or non-automatic means provided that it is a part of any data recording system. Any operation performed on the data, such as blocking.
Law on Protection of Personal Data No. 6698, published in the Official Gazette dated 7 April 2016 and numbered 29677.
Data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
PIMSER PROJE ELECTRONICS INC.
It is the natural and legal person who processes personal data on behalf of the data controller based on the authority given by the data controller.
It is the person who determines the purposes and means of processing personal data and manages the place where the data is kept in a systematic way.
It is a recording system in which personal data is processed and structured according to certain criteria.
Persons with whom the Company has partnered within the scope of contractual relations within the framework of its commercial activities.
4. ENFORCEMENT OF THE POLICY
This Policy, prepared by the company, entered into force on 31.03.2021 and was presented to the public. In case of conflict with the legislation in force, especially the Law, and the regulations included in this Policy, the provisions of the legislation shall apply.
4.1. INFORMATION ON PERSONAL DATA PROCESSING ACTIVITIES PERFORMED BY THE COMPANY
4.1.1. Data Owners
Data subjects within the scope of the policy are all natural persons, other than Company employees, whose personal data are processed by the Company. In general, data owners can be listed as follows;
It refers to the real persons who benefit from the products and services offered by the Company.
It refers to real persons who are interested in the products and services offered by the company and have the potential to turn into customers.
It refers to real persons who apply to the company by sending a CV or by other methods.
It refers to people who come to visit the company for any reason.
It refers to natural persons, excluding the categories of data subjects mentioned above and Company employees.
The categories of data subjects described in the table above are specified for general information sharing purposes. The fact that the data owner does not fall under any of these categories does not remove the data owner's qualification as specified in the Law.
4.1.2. Purposes of Processing Personal Data
Carrying out the necessary work by the relevant units and executing business processes in order to benefit the persons concerned from the products and services offered by the Company:
Planning and execution of customer relationship management processes
Follow-up of contract processes and/or legal requests,
Follow-up of customer requests and/or complaints.
Planning and executing company human resources policies and processes:
Planning and execution of talent-career development activities,
Fulfilling the obligations arising from employment contracts and/or legislation for company employees,
Planning and execution of fringe benefits and benefits for employees,
Planning and executing in-house orientation activities,
Planning and execution of personnel exit procedures,
Planning of human resources processes,
Managing personnel procurement processes,
Planning and execution of appointment-promotion and dismissal processes for the company,
Planning and execution of employee performance evaluation processes,
Monitoring and/or control of the business activities of the employees,
Planning and/or execution of in-company training activities,
Planning and execution of employee satisfaction and/or loyalty processes,
Planning and executing the processes of receiving and evaluating suggestions for the improvement of the work and / or production processes of the employees,
Planning and/or execution of intern and/or student recruitment, placement and operation processes.
For the realization of the commercial activities carried out by the company, the necessary work is carried out by the relevant business units and the related business processes are carried out:
Planning and execution of business activities,
Planning and execution of corporate communication activities,
Planning and execution of supply chain management processes,
Planning and execution of production and/or operation processes,
Planning, auditing and execution of information security processes,
Creation and management of information technology infrastructure,
Planning and executing information access authorizations of business partners,
Follow-up of finance and/or accounting works,
Planning and execution of corporate sustainability activities,
Planning and execution of corporate governance activities,
Planning and/or execution of business continuity activities,
Planning and execution of logistics activities.
Planning and executing the activities necessary to recommend and promote the products and services offered by the company to the relevant people by customizing them according to their tastes, usage habits and needs:
Identification and/or evaluation of the persons to be subject to marketing activities in line with consumer behavior criteria,
Designing and/or performing personalized marketing and/or promotional activities,
Designing and/or executing advertising and/or promotion and/or marketing activities in digital and/or other media,
Designing and/or executing activities to be developed on customer acquisition and/or value creation in existing customers in digital and/or other channels,
Planning and/or executing data analytics studies for marketing purposes,
Planning and execution of marketing processes of products and / or services,
Planning and/or executing the processes of establishing and/or increasing loyalty to the products and/or services offered by the company.
Planning and executing the Firm's commercial and/or business strategies:
Managing relations with business partners.
Ensuring the legal, technical and commercial occupational safety of the Company and the persons who have a business relationship with the Company:
Follow-up of legal affairs
Planning and executing the necessary operational activities to ensure that the company's activities are carried out in accordance with company procedures and/or relevant legislation,
Giving information to authorized institutions based on legislation,
Creating and tracking visitor records,
Planning and execution of emergency management processes,
Realization of corporate and partnership law transactions,
Planning and execution of company audit activities,
Planning and/or execution of occupational health and/or safety processes,
Realization of risk management of credit processes,
Ensuring the security of company premises and/or facilities,
Ensuring the security of company operations,
Planning and/or execution of the company's financial risk processes,
Ensuring the security of company fixtures and/or resources.
4.1.3 Categories of Personal Data
Information contained in documents such as driver's license, identity card, residence, passport, attorney's ID, marriage certificate.
Information used to contact the person (eg e-mail address, phone number, mobile phone number, address).
Information that serves to identify the location of the data subject (eg location information obtained while driving).
Information about customers who benefit from our products and services (eg customer number, occupation information, etc.).
Customer Transaction Information
products and services
Information on all kinds of transactions carried out by customers who benefit from our services.
Physical Space Security Information
Personal data regarding records and documents such as camera records, fingerprint records taken during the entrance to the physical space and during the stay in the physical space.
Transaction Security Information
Personal data processed to ensure technical, administrative, legal and commercial security while carrying out the Company's commercial activities.
Personal data processed for information, documents and records showing all kinds of financial results created according to the type of legal relationship established by the Company with the personal data owner.
Employee Candidate Information
Personal data processed regarding individuals who have applied to be an employee of the Company or who have been evaluated as an employee candidate in line with human resources needs in accordance with commercial practices and honesty rules, or who have a working relationship with the Company.
Legal Process and Compliance Information
Personal data processed within the scope of determination of legal receivables and rights of the company, follow-up and performance of debts, legal obligations and compliance with company policies.
Audit And Inspection Information
Personal data processed within the scope of the Company's legal obligations and compliance with company policies.
Special Qualified Data
Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothing, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
Personal data processed for the purpose of customizing and marketing the products and services offered by the Company in line with the usage habits, tastes and needs of the personal data owner, and the reports and evaluations created as a result of these processing results.
Request/Complaint Management Information
Personal data regarding the receipt and evaluation of all kinds of requests or complaints directed to the Company.
Reputation Management Information
Information collected for the purpose of protecting the company's commercial reputation, evaluation reports and actions taken.
Incident Management Information
Personal data processed for the purpose of taking the necessary legal, technical and administrative measures against the developing events in order to protect the commercial rights and interests of the Company and the rights and interests of its customers.
4.2. PRINCIPLES AND CONDITIONS REGARDING THE PROCESSING OF PERSONAL DATA
The company, in accordance with Article 4 of the Law, regarding the processing of personal data; engages in the processing of personal data in a limited and measured manner in accordance with the law and the rules of honesty, accurately and, when necessary, for up-to-date, specific, clear and legitimate purposes. The company retains personal data for as long as required by law or for the purpose of processing personal data.
4.2.1 Principles Regarding the Processing of Personal Data
The company is to enlighten the data owners in accordance with Article 10 of the KVK Law, and in cases where consent is required, the company processes this personal data on the basis of the principles set forth below, by requesting their consent.
Processing of Data in Compliance with the Law and the Rule of Integrity
The company acts in accordance with the principles brought by legal regulations and the general rule of trust and honesty in the processing of personal data. In accordance with the principle of compliance with the rule of integrity, the Company considers the interests and reasonable expectations of the data subjects while trying to achieve its goals in data processing.
Ensuring Personal Data Are Accurate and Up-to-Date When Necessary
Keeping personal data accurate and up-to-date is necessary for the Company to protect the fundamental rights and freedoms of the person concerned. The Firm's obligation of active care in ensuring that personal data is accurate and up-to-date when necessary
exists. For this reason, all communication channels are open for the Company to keep the information of the data owner accurate and up-to-date.
Processing of Data for Specific, Explicit and Legitimate Purposes
The company clearly and precisely determines the purpose of processing personal data, which is legitimate and lawful. It processes personal data in connection with the commercial activity it carries out and as necessary for these.
Relating to the Purpose for which Data are Processed, Limited and Measured
Company; processes personal data within the scope of the purposes related to its field of activity and necessary for the conduct of its business. For this reason, it processes personal data in a way that is suitable for the realization of the determined purposes and avoids the processing of personal data that is not related to the realization of the purpose or is not needed.
Retention of Data for the Period Envisioned in the Related Legislation or Required for the Purpose of Processing
The company retains personal data only for as long as required by the relevant legislation or for the purpose for which they are processed. In this context; primarily in the relevant legislation
determines whether a period is foreseen for the storage of the data, acts in accordance with this period if a period is determined, and if a period is not determined, it stores the personal data for the period required for the purpose for which they are processed. Personal data is deleted, destroyed or anonymized by the Company after the purpose of processing personal data disappears or when the period stipulated in the legislation expires.
Conditions Regarding the Processing of Personal Data
In the presence of at least one of the personal data processing conditions in Article 5 of the Law, your personal data is processed by the Company.
Explicit Consent of the Personal Data Owner
One of the conditions for the processing of personal data is the explicit consent of the owner. The explicit consent of the personal data owner should be disclosed on a specific subject, based on information and free will.
In order to process personal data based on the explicit consent of the personal data owner, explicit consent is obtained from the customers, potential customers and visitors with the relevant methods.
Clearly Predicting Personal Data Processing Activities in Laws
The personal data of the data owner can be processed in accordance with the law without the explicit consent of the data owner, if it is expressly stipulated in the law.
Failure to Obtain the Explicit Consent of the Person Due to Actual Impossibility
The personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to express his or her consent due to actual impossibility or whose consent will not be valid, in order to protect the life or physical integrity of himself or another person.
Personal Data Being Directly Related to the Establishment or Performance of a Contract
It is possible to process personal data if it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
Fulfilling the Firm's Legal Obligation
In case the processing is necessary for the Company to fulfill its legal obligations as a data controller, the personal data of the data subject can be processed.
Making the Personal Data of the Data Owner Public
If the data owner has made his personal data public by himself, the relevant personal data may be processed.
Mandatory Data Processing for the Establishment or Protection of a Right
If data processing is necessary for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.
Mandatory Data Processing for the Legitimate Interest of the Firm
Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is necessary for the legitimate interests of the Company.
4.2.2. Processing of Private Personal Data
The company strictly complies with the regulations stipulated in the KVK Law in the processing of personal data determined as "special quality" by the KVK Law.
By the company; Special categories of personal data are processed in the following cases, provided that adequate measures to be determined by the KVK Board are taken:
If the personal data owner has express consent, or
If the personal data owner does not have express consent;
Special categories of personal data other than the health and sexual life of the personal data owner, in cases stipulated by the laws,
Persons or authorized institutions and organizations that are under the obligation to keep confidential, only for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing. processed by.
4.3. TRANSFERRING PERSONAL DATA
The company can transfer the personal data and sensitive personal data of the data owner to third parties in the country or abroad by taking the necessary security measures in line with the personal data processing purposes in accordance with the law. Accordingly, the company acts in accordance with the regulations stipulated in Article 8 of the KVK Law.
4.3.1. Transfer of Personal Data to Third Parties in the Country
Your personal data can be transferred by the Company in the presence of at least one of the data processing conditions stated in Articles 5 and 6 of the Law and explained under Title 3 of this Policy, provided that it complies with the basic principles regarding data processing conditions.
4.3.2. Transfer of Personal Data to Third Parties Abroad
The company can transfer the personal data and sensitive personal data of the personal data owner to third parties abroad, in the presence of at least one of the data processing conditions explained under Title 3 of this Policy and by taking the necessary security measures. Personal data by the company; Foreign countries declared to have sufficient protection by the KVK Board (“Foreign Country with Sufficient Protection”) or
In case of absence, it is transferred to foreign countries where the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and where the permission of the KVK Board (“Foreign Country Where the Data Controller Undertaking Adequate Protection Is Located”). Accordingly, the company acts in accordance with the regulations stipulated in Article 9 of the KVK Law.
4.3.3. Third Parties and Purposes of Transfer of Personal Data
In accordance with the general principles of the law and the data processing conditions in Articles 8 and 9, the Company can transfer data to the parties categorized in the table below:
Persons to whom Data Transfer can be made
Parties with whom the Firm has established business partnerships while carrying out its commercial activities
Limited sharing of personal data in order to ensure the fulfillment of the purposes of the establishment of the business partnership
Shareholders who are authorized to design the strategies and audit activities of the Firm's commercial activities in accordance with the provisions of the relevant legislation
Sharing personal data limited to designing strategies for the Company's commercial activities and auditing purposes
Members of the board of directors and other authorized persons
Sharing personal data limited to designing strategies for the Company's commercial activities, ensuring the highest level of management and auditing purposes
Legally Authorized Public Institutions and Organizations
Public institutions and organizations that are legally authorized to receive information and documents from the Firm
Limited personal data sharing for the purpose of requesting information by relevant public institutions and organizations
Legally Authorized Private Law Persons
Private law persons who are legally authorized to receive information and documents from the Firm
Sharing of data limited to the purpose requested by the relevant private legal persons within the legal authority
4.4. RIGHTS OF THE DATA SUBJECT AND THE USE OF RELATED RIGHTS
4.4.1. Rights of personal data owner:
1. Learning whether personal data is processed or not,
2. Requesting information on personal data if it has been processed,
3. To learn the purpose of processing personal data and whether they are used in accordance with the purpose,
4. Knowing the third parties to whom personal data is transferred in the country or abroad,
5. Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
6. To request the deletion or destruction of personal data in the event that the reasons requiring its processing have disappeared, although it has been processed in accordance with the provisions of the KVK Law and other relevant laws, and to request the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
7. Objecting to this result if a result against the person arises by analyzing the processed data exclusively through automated systems,
8. To request the compensation of the damage in case of loss due to unlawful processing of personal data.
In case the personal data is not obtained directly from the data owner; By the company (1) within a reasonable period of time after the personal data is obtained, (2) during the first communication in case the personal data is to be used for communication with the data owner, (3) at the latest, if the personal data is to be transferred, for the first time at the latest. At the time of transfer, activities regarding the disclosure of data owners are carried out.
4.4.2. Cases where the personal data owner cannot assert his rights:
Personal data owners cannot claim their rights listed in 5.1 in these matters, since the following cases are excluded from the scope of the KVK Law in accordance with Article 28 of the KVK Law:
1. Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with,
2. Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics,
3. Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime,
4. Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security,
5. Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.
28.2 of the KVK Law. pursuant to article; Personal data owners in the cases listed below
Except for the right to demand the compensation of the damage, they cannot claim their other rights listed in 5.1:
1. Personal data processing is necessary for the prevention of crime or for criminal investigation,
2. Processing of personal data made public by the personal data owner himself,
3. The processing of personal data is necessary for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority given by the law,
4. The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.
4.5. DELETING, DESTROYING, MAKING PERSONAL DATA ANONYMOUS
Although it has been processed in accordance with the provisions of the relevant law as regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law, personal data is deleted or destroyed upon the decision of the Company or upon the request of the personal data owner, in case the reasons requiring processing are eliminated. or anonymized. In this context, the Company takes the necessary technical and administrative measures within the Company in order to fulfill its related obligation; has developed the necessary working mechanisms in this regard; trains, assigns and raises awareness of the relevant business units in order to comply with these obligations.