Privacy Policy
Samet Kalıp ve Madeni Eşya
Sanayi ve Ticaret Anonim Şirketi
Controller
The
responsible party (the controller) for this Privacy Policy is:
Samet
Kalıp ve Madeni Eşya Sanayi ve Ticaret Anonim
Şirketi (“Samet Kalıp” or the “Company”)
Atatürk Mahallesi Adnan Menderes Caddesi No:
8-13 34513 Esenyurt – İstanbul / Turkey
Introduction
Being
transparent about how we, as the controller, process data of our customers, job
candidates, website users and/or members and other related natural persons who
may reach us via other channels, is important.
In this Privacy
Policy, we explain how we comply with the current Turkish Data Protection Law
(KVKK), the European privacy law, the General Data Protection Regulation (GDPR)
and other applicable laws and regulations regarding data protection and
information security. In addition, we explain which personal data we collect
and use, and for what purpose. We recommend you read this policy carefully.
Please feel free to contact us in case of any questions or requests.
Please
note: this Privacy Policy does not apply to websites or
services of third parties, including hyperlinks to websites or others than Samet Kalıp. We are not
responsible for the privacy policy and the use of cookies on those websites.
When do we
collect and process personal data?
We collect
and processes personal data in the following cases, including:
·
When you contact us directly, for example via our
website, and you are interested, for example, in our products or services or
have any other concerns.
·
When you apply as a candidate for a job opening
position via our website or the website of an external partner where the job
has been published.
Legal basis for the processing of personal data
According to article 6 of the GDPR and other applicable data protection
legislation, we are required to have a legal basis for processing of your
personal data. We only process your personal data if this is permitted by an
applicable legal regulation. Hereby, we will base the processing of your data
on, among others, the following legal principles.
·
Consent: We will process certain data only on
the basis of the consent you have given explicitly and voluntarily. You
have the right to revoke your consent at any time with effect for the future.
·
Fulfillment of a contract /
pre-contractual measures: For initiation and and/or
execution of your contract with Samet Kalıp and/or our partners, we need access to certain data
of our customers.
·
Fulfillment of a legal
obligation: Samet
Kalıp is subjected to a number of
legal specifications. We must process certain data to comply with these
specifications.
·
Protection of legitimate
interests: Samet
Kalıp will process certain data in order to protect
her legitimate interests or the interests of third parties, except where such
interests are overridden by the interests or fundamental rights and freedoms of
the data subject which require protection of personal data.
How do we process your personal data?
We process personal data, which can be related directly or indirectly to
natural persons (whether or not provided by the
specific natural person). Lawful and careful handling of these personal data is
very important for our organization. Therefore, these personal data are processed
carefully by Samet Kalıp.
In our processing, we adhere to the requirements of the applicable laws and
regulations. This means that:
·
We disclose the purpose of use of personal data;
·
We do not collect more personal data then data
required for legitimate purposes;
·
We ask you actively for your permission to process
your personal data in case where your permission for data processing is required;
·
We take adequate technical and organizational necessary
measures to protect your personal data;
·
We provide you information on your request of use of
any data subject rights such as clarification, correction, deletion or exportation
of your personal data .
Safety measures to protect your data
According the GDPR and other applicable data protection legislation, we are
required to take technical and organizational safety measures to protect your
personal data.
Samet Kalıp has taken all necessary technical and organizational
measures in order to prevent the processing of the personal data in violation
of the applicable legislation, to prevent unauthorized access to personal data and
to ensure that personal data is preserved, processed and transferred at an
adequate level of security.
Samet Kalıp has also taken additional technical and
organizational measures within the scope of the ISO 27001 Information Security
Management System certificate it holds. "Information Security
Handbook" that is in effect within Samet Kalıp has been prepared in accordance with the standards of
ISO/IEC 27001 Information Technologies - Security Techniques - Information
Security Management Systems – Requirements. In line with this, some of the other
relevant policies that are in effect in our Company are as follows:
• Asset Management and Information Classification Procedure,
• Information Security Handbook,
• Information Systems Resources Management Policy,
• Information Security Disposal Instruction,
• LOG Management Policy,
• Portable Device Safety Instruction,
• Network Security Remote Access Policy,
• Secure Password Instruction.
Some of the technical and organizational measures taken by Samet Kalıp in order to ensure
that personal data is processed and stored in accordance with the applicable
legislation are as follows:
Technical Measures:
·
Only authorized units and
business divisions and employees are allowed to access and process the personal
data and log records of the computer that is used to access such data are kept if
the access is made in house and/or via Company-controlled computers.
·
For electronic data transfer,
use of secure mediums such as SFTP and VPN are preferred. If it is not possible
to use such mediums, encrypted transmission is made
during file transfer and the password is transmitted via another channel such
as phone, message etc.
·
All log records are stored and
backed up on the SIEM server.
·
Active Directory and File
Server related logs are created through AD Audit Plus and SIEM application.
·
Log records that must be kept
due to legal obligations such as internet access records, DHCP records,
Firewall and IPS log records, are instantly transmitted to the SIEM application.
No personnel are allowed to access in log management systems for writing and
modification purposes.
·
Anti-virus, firewall and SIEM
Log Analysis programs are used to establish and ensure the security of personal
data. On the other hand, the security of message transmissions is periodically audited and intrusion detection and prevention software and
backup systems are used systematically. Passwords and user
names are not disclosed to anyone other than those who are authorized to
access the personal data.
Organizational Measures:
·
Personal data processed in our
Company have been analyzed on the basis of related business
processes, data processing units, processing purposes, data categories and data
subjects and a “Personal Data Processing Inventory” has been created in this
context.
·
Personal data is processed limited
and in connection with the purpose for which they were collected, based on legal
grounds and stored for the required periods. In this context, our Company's
"Personal Data Retention and Destruction Policy" is also in effect.
·
Our employees are informed and
trained on the protection of personal data.
·
Agreements to which our Company
is a party include provisions regarding that the persons to whom personal data is
transferred shall take the necessary security measures for the protection of personal
data.
What data about can we collect?
We can collect the following data of you, such as:
·
Identity and Contact details:
Name, telephone number, e-mail address, company name;
·
Customer details: Order
history, order situation, billing history;
·
Other personal data:
IP-address, browser history, browser language version and other data for
specific purpose of processing tour data;
·
User of website and
communication: Information on how you use the website, including data gathered
via cookies and other tracking technologies.
What is the purpose of processing your data?
According to KVKK, GDPR and other applicable data protection legislation we
are required to inform our data subjects about the purposes of processing
personal data.
We process your personal data for the following purposes:
A. Customer Care and Services
We process your personal data to handle any
request you have submitted. Regarding all aspects of dealing with a concern, we
will contact you without separate consent, for example in writing, by
telephone, or per e-mail, depending on which contact data you have specified.
B. Compliance with legal obligation to which Samet Kalıp is subjected
Samet Kalıp
will also process personal data if there is a legal obligation to do so.
C. Ensuring
the operation of IT systems
The
collected data of our customers are processed in strictly separated databases
to ensure the quality of the IT systems and the protection of personal data
against unauthorized access to personal data or limitation of the circle of
authorized persons with access to the specific databases.
Samet Kalıp
can be subjected to other legal obligations. In order to fulfill those
obligations, we may process your data to the required extent and, if necessary,
pass them on to the authorities responsible within the framework of legal
obligations of notification.
We
also process your data in the event of legal conflicts if the legal conflict
makes processing the data necessary.
D. Data transfer to selected third parties and countries
Your identity and contact data can be transferred to our service providers
located in EU and abroad for conducting direct marketing communication
activities and data storage purposes.
Besides that, we are working with selected partners to deliver the service
you may expect from us. Therefore, we can share your data with:
·
carefully selected and verified service providers and
business partners with whom we cooperate to be able to offer you products and
services. We do this for Samet Kalıp
only within the framework of the strict conditions of data processing on your
behalf or based on your explicit consent, if necessary.
·
Other third parties (for example public authorities)
to the extent that we are legally obligated to do so.
·
To protect your privacy, we execute Data Processing Agreements
with our selected parties who can process your personal data.
What are
the retention periods?
According to
the KVKK, GDPR and the other applicable legislation, we have
to process personal data in line with the applicable retention periods.
Our personal data retention periods specific to the data subjects within the
scope of this Privacy Policy are as follows:
Customers
We
store the personal data of our existing customers during the period of
commercial relationship and for a maximum of 11 years from the last invoice
date, if the commercial relationship is ended.
We store
the personal data of our potential customers for a maximum of 2 years in case a
commercial relationship is not established.
Job
Candidates
We
store the personal data of our job candidates during the period of recruitment
process and for another period of 2 years in case the candidate is not
recruited.
Website
Users and/or Members
We
store the personal data of the website users and/or members during the period
of their membership. In case we establish a commercial relationship with the
website users and /or members, then we store their personal data for the period
of commercial relationship and for a maximum of 11 years from the last invoice
date, if the commercial relationship is ended.
We store the
personal data of our existing customers for a maximum of 11 years from the last
invoice date, in accordance with the guidelines of the applicable data
protection law. Personal data of our existing customers will be deleted after 11
years as stated above, due to the fact that the statute of limitation period is
10 years and the commercial records must be kept for
10 years in accordance with the Turkish Commercial Code. However, the personal data
of our customers is stored for an additional 1 year, taking into consideration
that a request that may come at the end of the statute of limitations.
In case you
apply for a job opening, we will store your personal information no longer than
the period of recruitment process, until you give your permission to store your
personal data for a maximum of 2 years period.
For online
marketing purpose we process your personal data as long as
you are subscribed to our newsletter and/or we inform you as our valued
customer about our products and services and the developments around these.
Your privacy protection rights
If you have
any questions regarding the use of your personal data by Samet
Kalıp, please contact us.
As the data
subject affected by the processing of your data, the basic EU data protection
regulations and other relevant data privacy protection regulations enable you
to assert certain rights in relation to the processing of your personal data.
The following section contains explanations of your rights as defined by the
basic EU data protection regulations. Depending on the type and scope of your
inquiry, we ask you to put the inquiry in writing.
Rights of the
Data Subjects
In line
with the basic EU data protection regulations, as the data subject you have the
following rights:
·
Right to information (Article 15 of GDPR)
You can ask us for information regarding any data of yours that we keep at
any time. This information concerns, among other things, the data categories we
process, for which purposes we process them, the origin of the data if we did
not acquire them directly from you and, if applicable, the recipients to whom
we have sent your data. You can obtain a copy of your data from us free of
charge. If you are interested in additional copies, we reserve the right to
charge for the additional copies.
·
Right to correction (Article
16 of GDPR)
You can request us to correct your data we have stored. We will initiate
appropriate measures to keep the data of yours that we continuously process
correct, complete and up to date, based on the latest information you made available
to us.
·
Right to deletion (Article 17
of GDPR)
You can request us to let delete your personal data provided that the legal
requirements have been met. In accordance with Article 17 of GDPR, this can be
the case if
·
the data are no longer
required for the purposes for which they were acquired or otherwise processed;
·
you revoke your consent, which
is the basis of the data processing, and there is no other legal basis for the processing;
·
you object to the processing
of your data and there are no legitimate reasons for the processing or you
object to data processing for the purposes of direct advertising;
·
the data have been processed illegally.
Wherever the processing is not necessary:
·
to ensure adherence to a legal
obligation that requires us to process your data
·
In particular with regard to legal retention periods
·
to assert, exercise or defend
against legal claims
·
Right to restriction of
processing (Article 18 of GDPR)
You can request that we restrict the processing of
your data if:
·
you dispute the correctness of the data - for the
period of time we need to check the correctness of the data
·
the processing is illegal, but you do not wish to have
your data deleted and request a restriction of use instead
·
we no longer need your data, but you need them to
assert, exercise or defend against legal claims
·
you have filed an objection to the processing, though
it has not yet been decided whether our legitimate grounds outweigh yours.
·
Right to data transferability
(Article 20 of GDPR):
At your request, we will
transfer your data – where technically possible – to another responsible
entity. However, this right only applies if the data processing is based on
your consent or is required to fulfill a contract. Instead of receiving a copy
of your data, you can ask us to send the data directly to another responsible
entity that you specify.
·
Right to objection (Article 21
of GDPR)
You can object to the processing of your data at any time for reasons that
arise from your special situation provided the data processing is based on your
consent or our legitimate interest or that of a third party. In this case, we
will no longer process your data. The latter does not apply if we are able to
prove there are compelling, defensible reasons for the processing that outweigh
your interests or we require your data to assert, exercise or defend against
legal claims.
Time limits for taking action
on a request of use of data subjects rights
As a general principle, we make every effort to comply
with all requests within 30 days. This time limit, however, can be extended for
reasons related to the specific rights of the data subject or the complexity of
his/her request.
Restriction in the provision
of information regarding the daa subjects’ rights:
In certain situations, legal
specifications might require us not to provide information regarding all of your data. If we have to
refuse your request for information in such a case, we will inform you the
reasons for refusal at the same time.
Complaints
to supervisory authorities
Samet
Kalıp takes your reservations and rights very
seriously. However, if you are of the opinion that we have not dealt with your
complaints or reservations adequately, you have the right to submit a complaint
to the data privacy protection authorities responsible.
Changes to this Privacy Policy
We may
modify or update this Privacy Policy from time to time. If we change this Privacy
Policy, we will notify you of the changes by publishing an updated policy on
this website. Where changes to this Privacy Policy will have a fundamental
impact on the nature of the processing of personal data or otherwise have a
substantial impact on you, we will give you sufficient advance notice so that
you have the opportunity to exercise any rights you may have (e.g. to object to the processing).
If you have
any questions regarding this Privacy Policy, please feel free to contact us via
the contact address below or info@sametglobal.com [KK1]
Samet
Kalıp ve Madeni Eşya Sanayi ve Ticaret Anonim
Şirketi
Atatürk Mahallesi Adnan Menderes Caddesi
No: 8-13
34513
Esenyurt
– İstanbul / Turkey
Regarding
processing of personal data of subjects who are in the European Union (EU), you
can contact our Representative in EU Designated Pursuant
to GDPR Art. 27.
Privacy Direct Nederland B.V.
Address :
Novio Tech Campus Building A, Transistorweg 7, 6534
AT
Nijmegen, The Netherlands
Telephone : +31 085-0027514
E-mail :
info@privacy-direct.nl
Version December
2021
[KK1]E-posta uzantılarının değişecek olması halinde bu adresin güncellenmesi gerekecektir.