Privacy Policy Samet Kalıp ve Madeni Eşya Sanayi ve Ticaret Anonim Şirketi

 

Controller

The responsible party (the controller) for this Privacy Policy is:

 

Samet Kalıp ve Madeni Eşya Sanayi ve Ticaret Anonim Şirketi (“Samet Kalıp” or the “Company”)

Atatürk Mahallesi Adnan Menderes Caddesi No: 8-13 34513 Esenyurt – İstanbul / Turkey

 

Introduction

Being transparent about how we, as the controller, process data of our customers, job candidates, website users and/or members and other related natural persons who may reach us via other channels, is important.

 

In this Privacy Policy, we explain how we comply with the current Turkish Data Protection Law (KVKK), the European privacy law, the General Data Protection Regulation (GDPR) and other applicable laws and regulations regarding data protection and information security. In addition, we explain which personal data we collect and use, and for what purpose. We recommend you read this policy carefully. Please feel free to contact us in case of any questions or requests.

 

Please note: this Privacy Policy does not apply to websites or services of third parties, including hyperlinks to websites or others than Samet Kalıp. We are not responsible for the privacy policy and the use of cookies on those websites.

 

When do we collect and process personal data?

We collect and processes personal data in the following cases, including:

·         When you contact us directly, for example via our website, and you are interested, for example, in our products or services or have any other concerns.

·         When you apply as a candidate for a job opening position via our website or the website of an external partner where the job has been published.

 

Legal basis for the processing of personal data

According to article 6 of the GDPR and other applicable data protection legislation, we are required to have a legal basis for processing of your personal data. We only process your personal data if this is permitted by an applicable legal regulation. Hereby, we will base the processing of your data on, among others, the following legal principles.

·         Consent: We will process certain data only on the basis of the consent you have given explicitly and voluntarily. You have the right to revoke your consent at any time with effect for the future.

·         Fulfillment of a contract / pre-contractual measures: For initiation and and/or execution of your contract with Samet Kalıp and/or our partners, we need access to certain data of our customers.

·         Fulfillment of a legal obligation: Samet Kalıp is subjected to a number of legal specifications. We must process certain data to comply with these specifications.

·         Protection of legitimate interests: Samet Kalıp will process certain data in order to protect her legitimate interests or the interests of third parties, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

How do we process your personal data?

We process personal data, which can be related directly or indirectly to natural persons (whether or not provided by the specific natural person). Lawful and careful handling of these personal data is very important for our organization. Therefore, these personal data are processed carefully by Samet Kalıp. In our processing, we adhere to the requirements of the applicable laws and regulations. This means that:

·         We disclose the purpose of use of personal data;

·         We do not collect more personal data then data required for legitimate purposes;

·         We ask you actively for your permission to process your personal data in case where your permission for data processing is required;

·         We take adequate technical and organizational necessary measures to protect your personal data;

·         We provide you information on your request of use of any data subject rights such as  clarification, correction, deletion or exportation of your personal data .

 

Safety measures to protect your data

According the GDPR and other applicable data protection legislation, we are required to take technical and organizational safety measures to protect your personal data. 

 

Samet Kalıp has taken all necessary technical and organizational measures in order to prevent the processing of the personal data in violation of the applicable legislation, to prevent unauthorized access to personal data and to ensure that personal data is preserved, processed and transferred at an adequate level of security.

 

Samet Kalıp has also taken additional technical and organizational measures within the scope of the ISO 27001 Information Security Management System certificate it holds. "Information Security Handbook" that is in effect within Samet Kalıp has been prepared in accordance with the standards of ISO/IEC 27001 Information Technologies - Security Techniques - Information Security Management Systems – Requirements. In line with this, some of the other relevant policies that are in effect in our Company are as follows:

 

• Asset Management and Information Classification Procedure,

• Information Security Handbook,

• Information Systems Resources Management Policy,

• Information Security Disposal Instruction,

• LOG Management Policy,

• Portable Device Safety Instruction,

• Network Security Remote Access Policy,

• Secure Password Instruction.

 

Some of the technical and organizational measures taken by Samet Kalıp in order to ensure that personal data is processed and stored in accordance with the applicable legislation are as follows:

 

 

Technical Measures:

 

·         Only authorized units and business divisions and employees are allowed to access and process the personal data and log records of the computer that is used to access such data are kept if the access is made in house and/or via Company-controlled computers.

 

·         For electronic data transfer, use of secure mediums such as SFTP and VPN are preferred. If it is not possible to use such mediums, encrypted transmission is made during file transfer and the password is transmitted via another channel such as phone, message etc.

 

·         All log records are stored and backed up on the SIEM server.

 

·         Active Directory and File Server related logs are created through AD Audit Plus and SIEM application.

 

·         Log records that must be kept due to legal obligations such as internet access records, DHCP records, Firewall and IPS log records, are instantly transmitted to the SIEM application. No personnel are allowed to access in log management systems for writing and modification purposes.

 

·         Anti-virus, firewall and SIEM Log Analysis programs are used to establish and ensure the security of personal data. On the other hand, the security of message transmissions is periodically audited and intrusion detection and prevention software and backup systems are used systematically. Passwords and user names are not disclosed to anyone other than those who are authorized to access the personal data.

 

Organizational Measures:

 

·         Personal data processed in our Company have been analyzed on the basis of related business processes, data processing units, processing purposes, data categories and data subjects and a “Personal Data Processing Inventory” has been created in this context.

 

·         Personal data is processed limited and in connection with the purpose for which they were collected, based on legal grounds and stored for the required periods. In this context, our Company's "Personal Data Retention and Destruction Policy" is also in effect.

 

·         Our employees are informed and trained on the protection of personal data.

 

·         Agreements to which our Company is a party include provisions regarding that the persons to whom personal data is transferred shall take the necessary security measures for the protection of personal data.

 

What data about can we collect?

We can collect the following data of you, such as:

·         Identity and Contact details: Name, telephone number, e-mail address, company name;

·         Customer details: Order history, order situation, billing history;

·         Other personal data: IP-address, browser history, browser language version and other data for specific purpose of processing tour data;

·         User of website and communication: Information on how you use the website, including data gathered via cookies and other tracking technologies.

 

What is the purpose of processing your data?

According to KVKK, GDPR and other applicable data protection legislation we are required to inform our data subjects about the purposes of processing personal data.

 

We process your personal data for the following purposes:

 

A. Customer Care and Services

We process your personal data to handle any request you have submitted. Regarding all aspects of dealing with a concern, we will contact you without separate consent, for example in writing, by telephone, or per e-mail, depending on which contact data you have specified.

 

B.  Compliance with legal obligation to which Samet Kalıp is subjected

Samet Kalıp will also process personal data if there is a legal obligation to do so.

 

C. Ensuring the operation of IT systems

The collected data of our customers are processed in strictly separated databases to ensure the quality of the IT systems and the protection of personal data against unauthorized access to personal data or limitation of the circle of authorized persons with access to the specific databases.

 

Samet Kalıp can be subjected to other legal obligations. In order to fulfill those obligations, we may process your data to the required extent and, if necessary, pass them on to the authorities responsible within the framework of legal obligations of notification.

 

We also process your data in the event of legal conflicts if the legal conflict makes processing the data necessary.

 

D. Data transfer to selected third parties and countries

Your identity and contact data can be transferred to our service providers located in EU and abroad for conducting direct marketing communication activities and data storage purposes.  

Besides that, we are working with selected partners to deliver the service you may expect from us. Therefore, we can share your data with:

·         carefully selected and verified service providers and business partners with whom we cooperate to be able to offer you products and services. We do this for Samet Kalıp only within the framework of the strict conditions of data processing on your behalf or based on your explicit consent, if necessary.

·         Other third parties (for example public authorities) to the extent that we are legally obligated to do so.

·         To protect your privacy, we execute Data Processing Agreements with our selected parties who can process your personal data.

 

 

What are the retention periods?

 

According to the KVKK, GDPR and the other applicable legislation, we have to process personal data in line with the applicable retention periods. Our personal data retention periods specific to the data subjects within the scope of this Privacy Policy are as follows:

 

 

 

 

Customers

We store the personal data of our existing customers during the period of commercial relationship and for a maximum of 11 years from the last invoice date, if the commercial relationship is ended. 

 

We store the personal data of our potential customers for a maximum of 2 years in case a commercial relationship is not established.  

 

Job Candidates

We store the personal data of our job candidates during the period of recruitment process and for another period of 2 years in case the candidate is not recruited.

 

Website Users and/or Members

We store the personal data of the website users and/or members during the period of their membership. In case we establish a commercial relationship with the website users and /or members, then we store their personal data for the period of commercial relationship and for a maximum of 11 years from the last invoice date, if the commercial relationship is ended. 

 

We store the personal data of our existing customers for a maximum of 11 years from the last invoice date, in accordance with the guidelines of the applicable data protection law. Personal data of our existing customers will be deleted after 11 years as stated above, due to the fact that the statute of limitation period is 10 years and the commercial records must be kept for 10 years in accordance with the Turkish Commercial Code. However, the personal data of our customers is stored for an additional 1 year, taking into consideration that a request that may come at the end of the statute of limitations.

 

In case you apply for a job opening, we will store your personal information no longer than the period of recruitment process, until you give your permission to store your personal data for a maximum of 2 years period.

 

For online marketing purpose we process your personal data as long as you are subscribed to our newsletter and/or we inform you as our valued customer about our products and services and the developments around these.

 

Your privacy protection rights

If you have any questions regarding the use of your personal data by Samet Kalıp, please contact us.

 

As the data subject affected by the processing of your data, the basic EU data protection regulations and other relevant data privacy protection regulations enable you to assert certain rights in relation to the processing of your personal data. The following section contains explanations of your rights as defined by the basic EU data protection regulations. Depending on the type and scope of your inquiry, we ask you to put the inquiry in writing.

 

Rights of the Data Subjects

In line with the basic EU data protection regulations, as the data subject you have the following rights:

 

·         Right to information (Article 15 of GDPR)

You can ask us for information regarding any data of yours that we keep at any time. This information concerns, among other things, the data categories we process, for which purposes we process them, the origin of the data if we did not acquire them directly from you and, if applicable, the recipients to whom we have sent your data. You can obtain a copy of your data from us free of charge. If you are interested in additional copies, we reserve the right to charge for the additional copies.

 

·         Right to correction (Article 16 of GDPR)

You can request us to correct your data we have stored. We will initiate appropriate measures to keep the data of yours that we continuously process correct, complete and up to date, based on the latest information you made available to us.

 

·         Right to deletion (Article 17 of GDPR)

You can request us to let delete your personal data provided that the legal requirements have been met. In accordance with Article 17 of GDPR, this can be the case if

·         the data are no longer required for the purposes for which they were acquired or otherwise processed;

·         you revoke your consent, which is the basis of the data processing, and there is no other legal basis for the processing;

·         you object to the processing of your data and there are no legitimate reasons for the processing or you object to data processing for the purposes of direct advertising;

·         the data have been processed illegally.

 

Wherever the processing is not necessary:

·         to ensure adherence to a legal obligation that requires us to process your data

·         In particular with regard to legal retention periods

·         to assert, exercise or defend against legal claims

 

·         Right to restriction of processing (Article 18 of GDPR)

You can request that we restrict the processing of your data if:

·         you dispute the correctness of the data - for the period of time we need to check the correctness of the data

·         the processing is illegal, but you do not wish to have your data deleted and request a restriction of use instead

·         we no longer need your data, but you need them to assert, exercise or defend against legal claims

·         you have filed an objection to the processing, though it has not yet been decided whether our legitimate grounds outweigh yours.

 

·         Right to data transferability (Article 20 of GDPR): 
At your request, we will transfer your data – where technically possible – to another responsible entity. However, this right only applies if the data processing is based on your consent or is required to fulfill a contract. Instead of receiving a copy of your data, you can ask us to send the data directly to another responsible entity that you specify.

 

·         Right to objection (Article 21 of GDPR)

You can object to the processing of your data at any time for reasons that arise from your special situation provided the data processing is based on your consent or our legitimate interest or that of a third party. In this case, we will no longer process your data. The latter does not apply if we are able to prove there are compelling, defensible reasons for the processing that outweigh your interests or we require your data to assert, exercise or defend against legal claims.

 

Time limits for taking action on a request of use of data subjects rights
As a general principle, we make every effort to comply with all requests within 30 days. This time limit, however, can be extended for reasons related to the specific rights of the data subject or the complexity of his/her request.

 

Restriction in the provision of information regarding the daa subjects’ rights:
In certain situations, legal specifications might require us not to provide information regarding all of your data. If we have to refuse your request for information in such a case, we will inform you the reasons for refusal at the same time.

 

Complaints to supervisory authorities

Samet Kalıp takes your reservations and rights very seriously. However, if you are of the opinion that we have not dealt with your complaints or reservations adequately, you have the right to submit a complaint to the data privacy protection authorities responsible.

 

Changes to this Privacy Policy

We may modify or update this Privacy Policy from time to time. If we change this Privacy Policy, we will notify you of the changes by publishing an updated policy on this website. Where changes to this Privacy Policy will have a fundamental impact on the nature of the processing of personal data or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise any rights you may have (e.g. to object to the processing).

 

If you have any questions regarding this Privacy Policy, please feel free to contact us via the contact address below or info@sametglobal.com [KK1] 

 

Samet Kalıp ve Madeni Eşya Sanayi ve Ticaret Anonim Şirketi

Atatürk Mahallesi Adnan Menderes Caddesi

No: 8-13 34513

Esenyurt – İstanbul / Turkey

 

Regarding processing of personal data of subjects who are in the European Union (EU), you can contact our Representative in EU Designated Pursuant to GDPR Art. 27.

 

Privacy Direct Nederland B.V.

Address                      : Novio Tech Campus Building A, Transistorweg 7, 6534 AT

                                      Nijmegen, The Netherlands

Telephone                   : +31 085-0027514

E-mail                         : info@privacy-direct.nl

 

Version December 2021