Personal Data Protection Policy

As Yıldız Metal, we attach importance to the confidentiality and security of your personal data. In this context, while conducting our business relations; we would like to inform you about how we process the personal data we obtain from our customers, suppliers, business partners, their employees and authorities and all other third parties, for what purposes we use them and how we protect this information. (We would like to remind you that you should not send us your personal data if you do not prefer to have your personal data processed.) We would like to state that it is your responsibility to ensure that the personal data you send to our company is accurate, complete and up-to-date, that if you share the data of other people, it is your responsibility to collect such data in accordance with legal requirements, that in such cases, it will be assumed that you have received all necessary permissions from the relevant third party and that all responsibility in this context will belong to you

OUR PERSONAL DATA PROCESSING PRINCIPLES

Our company processes personal data in accordance with the Personal Data Protection Law (KVKK for short) and other relevant legislation. The basic principles and principles we pay attention to when processing your personal data in accordance with Article 4 of KVKK are explained below:

• Our company acts in accordance with legal regulations, general principles, trust and honesty rules in processing personal data. In this context, our company processes personal data according to the principle of proportionality and does not use it for purposes other than its intended purpose.
• Our company processes personal data, takes into account the fundamental rights of the owners as well as their own legitimate interests.
• Our company determines the purpose of processing personal data as clearly and precisely as possible. It processes personal data in connection with the products and services we offer and to the extent necessary for them. In this context, personal data is not processed for purposes that are not related to the achievement of the purpose or are not needed.
• Our company stores personal data for the period specified in the legislation or required for the purpose for which they are processed. If the legal period expires or the reasons requiring processing are eliminated, personal data is deleted, destroyed or made anonymous.

DATA OWNER CATEGORIES

Except for the persons working within our company, the personal data processed The categories of data owners are as follows:

Customers: Persons who have commercial relations with our company

Potential Customers: Persons who request to have commercial relations with our company

Visitors: Company headquarters or persons who have entered our branches, organizations for various purposes or visited our websites.

Third Parties: Other persons who are in a relationship with the persons described above (Example: guarantor, companion, family members and relatives) and our company’s personal data. Other persons that it has to process for a specific purpose

Interns or candidate personnel: Persons who apply for a job or internship in our company

Third Parties Resulting from Collaboration: Partners, authorized persons or employees of the persons or organizations with whom our company has a business relationship

WHEN DO WE COLLECT PERSONAL DATA

Your personal data is basically collected when you establish a commercial relationship with us, when you purchase a product, deliver goods or services, subscribe to our newsletters, choose to receive our marketing communications, communicate with us via e-mail, telephone, etc. for various reasons, apply for a job with our company, participate in various company events, become a potential customer, We collect when you contact us as a supplier, business partner, subcontractor, or visit our company or website. Personal data obtained in this way is processed within the scope of the principles explained in this policy text.

WHICH PERSONAL DATA DO WE PROCESS

Personal data processed by our company It varies depending on the type of relationship (customer, supplier, business partner, etc.) to be established between the data owner and our company. In this context, basically; name, surname, date of birth, e-mail address, telephone number, address, image records for security reasons in case of physical visit, bank account information, invoice information, financial data, other personal information that you share with whom you wish, technical data transmitted from the devices you use during website visits. and digital data, log records, IP address information, user account information, location-position (GPS) information, entry and exit records regarding visits, personal data regarding legal issues, powers of attorney when necessary, signature samples, signature circulars, copies of case files, enforcement and Personal data, such as wage garnishments, may be processed to the extent necessary.

PERSONAL DATA OF EMPLOYEE CANDIDATES

In order to understand the suitability of employee candidates for the job, their experience, and the accuracy of the information; personal data such as the information in their CV, work experience, education information, references, disability status, criminal record, etc. can be collected and processed.

PERSONAL DATA OF VISITORS

In case of visits to our company facilities, some personal data is also processed in order to ensure the security of the company, employees and visitors. In this context, camera recording is taken and these records are destroyed after a short time. (Since our company has a legitimate interest, explicit consent from visitors is not sought in this regard.) This data is only kept in the visitor registration system and is not transferred to another environment unless there is a situation that threatens the security of the company and creates suspicion. However, this information can be used in cases such as preventing crime and ensuring company security.

PURPOSES OF USING PERSONAL DATA

The purpose of using personal data varies depending on the type of relationship between us and the person concerned. Our basic purposes for processing personal data are as follows. Carrying out all kinds of commercial activities of our company, carrying out sales transactions of our products, presenting offers regarding our products, supplying goods, invoicing, contract transactions, performing legal transactions, developing our services, determining and implementing commercial and business strategies, managing commercial operations (demand, offer, etc.), transportation and logistics transactions, financial transactions, reconciliation transactions, managing financial affairs, raw material transactions, sample and analysis transactions, maintenance and repair works, earnings and payment transactions, cargo transactions, technical controls, shipments, return processes, visit transactions, tender transactions, investment transactions, obtaining legal permits, export and import transactions, monitoring of current transactions, orders, field operations, product shipment, collateral transactions, customer and supplier registration, cash transactions, all kinds of communication works related to these, legal processes, financial processes, marketing, advertising and promotion transactions, satisfaction surveys, evaluation of requests, opinions, complaints and comments sent through the website and other channels, organization and invitations of events to be held, responding to requests for information, providing support regarding requests, keeping our records and updating our database, tax and insurance. processes, fulfillment of our legal obligations arising from the relevant legislation, execution of processes with official institutions, follow-up and conclusion of legal processes, fulfillment of legal obligations specified in the KVKK as required or made mandatory by the legal regulations with the regulatory and supervisory institutions upon the request of official authorities, execution of necessary transactions within the scope of occupational health and safety legislation, execution of necessary audit activities to protect the company’s interests and benefits, provision of legal and commercial security, keeping CCTV records to protect the company’s devices and assets, taking technical and administrative security measures, ensuring the order of the entries and exits of the company employees, determination and implementation of commercial and business strategies, conducting communication and market research, follow-up of legal processes such as lawsuits, investigations, etc. related to our company, execution of mediation processes, etc.

LEGAL CONDITIONS FOR PROCESSING PERSONAL DATA:

The conditions for processing personal data (legal reasons) are clearly stated in Article 5 of the KVKK. Accordingly; “Article 5 – (1) Personal data cannot be processed without the explicit consent of the relevant person. (2) If one of the following conditions is met, it is possible to process personal data without the explicit consent of the relevant person: a) It is expressly provided for in the laws. b) It is mandatory for the protection of the life or physical integrity of the person who is unable to give his/her consent due to a de facto impossibility or whose consent is not legally valid, or of another person. c) It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract. ç) It is mandatory for the data controller to fulfill its legal obligation. d) It is made public by the relevant person. e) Data processing is mandatory for the establishment, exercise or protection of a right. f) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person. (In cases where your personal data is processed with explicit consent, you can withdraw this explicit consent at any time.)

SHARING OF PERSONAL DATA

Our Company is responsible for acting in accordance with the decisions and relevant regulations stipulated in the KVKK, especially Article 8 of the KVKK, and the decisions taken by the Board regarding the transfer of personal data. As a rule, personal data and special data belonging to data owners cannot be transferred by our Company to other real persons or legal entities without the explicit consent of the relevant person. Personal Data can be transferred without the consent of the relevant person in cases stipulated in Articles 5 and 6 of the KVKK in accordance with Article 8 of the KVKK. Our Company may transfer personal data to third parties in Turkey, or abroad, for processing in Turkey or for processing and storage outside Turkey, including outsourcing, in accordance with the conditions stipulated in the Law and other relevant legislation, as stated above, and by taking the security measures specified in the legislation. In order for the services to be carried out in the most efficient manner and in accordance with the current technologies while conducting our Company’s commercial activities; It may work with reliable third parties such as information and communication technology providers, consultancy service providers, cargo companies, travel agencies. In this context, our company may share data. This sharing is limited to the purposes of establishing and performing the business partnership. Our company uses cloud computing technologies while carrying out its activities. Your personal data may be processed domestically and abroad through companies that provide cloud computing services. In cases required by law or when we need to protect our rights, we may share your personal data with the relevant official, judicial and administrative authorities.

STORAGE OF PERSONAL DATA:

Your personal data is stored only for the period necessary to fulfill the purpose for which it was collected. These periods are determined separately for each job. When the relevant periods expire, your personal data is destroyed in accordance with the KVKK, unless there is another reason. Personal data is destroyed. We take the following criteria into consideration when determining the destruction periods: The period accepted by general custom, the period that requires the processing of personal data and the legal relationship established with the relevant person will continue, the period that the legitimate interest to be obtained by the data controller will be valid in accordance with the law and rules of honesty, the period that the responsibilities will continue legally, the period that the data controller is obliged to store personal data in the relevant data category due to its legal obligation, limitation periods, etc.

DELETION AND DESTRUCTION OF PERSONAL DATA:

In line with the regulation of Article 7 of the KVKK, although personal data has been processed in accordance with the provisions of the relevant law, if the reasons requiring processing are eliminated, it is deleted, destroyed or anonymized based on our company’s own decision or if the personal data owner requests it in this direction. Deletion of personal data is the process of making personal data inaccessible and reusable for the relevant users in any way. Our company takes all necessary technical and administrative measures to ensure that the deleted personal data is inaccessible and reusable for the relevant users. Our Company may destroy personal data upon its own decision or upon the request of the personal data owner, even if the reasons requiring processing are eliminated, even though it has been processed in accordance with the relevant provisions of the law. Destruction of personal data is the process of rendering personal data inaccessible, irreversible and reusable by anyone. The data controller is obliged to take all necessary technical and administrative measures regarding the destruction of personal data.

PROTECTION OF PERSONAL DATA

In order to protect your personal data and prevent unlawful access, our Company takes the necessary administrative and technical measures in accordance with the Personal Data Security Guide published by the KVK Institution. Access control authorization and/or encryption methods are applied against situations such as loss or theft of devices containing personal data. Paper documents containing personal data are also stored in a locked manner and in environments accessible only to authorized persons, and unauthorized access to such documents is prevented. Our Company, in accordance with KVKK art. In the event that personal data is obtained by others through illegal means in accordance with Article 12, this situation shall be reported to the Personal Data Protection Board and data owners as soon as possible. On the other hand, our company reduces personal data as much as possible within the framework of the data minimization principle. Our company has determined provisions regarding confidentiality and data security in the employment contracts to be signed during the recruitment process of its employees. Software and hardware including virus protection systems and firewalls are installed.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA:

KVKK art. Pursuant to Article 11, data owners have the following rights: To learn whether your personal data is processed by our Company, To request information about your personal data if it has been processed, To learn the purpose of processing your personal data and whether it is used in accordance with its purpose, To know the third parties to whom your personal data is transferred domestically or abroad, To request correction of your personal data if it is processed incompletely or incorrectly and to request notification of the transaction made in this context to the third parties to whom your personal data is transferred, To request deletion or destruction of your personal data if the reasons requiring processing are eliminated despite the fact that it has been processed in accordance with the provisions of the KVKK and other relevant laws and to request notification of the transaction made in this context to the third parties to whom your personal data is transferred, To object to the emergence of a result against you by exclusively analyzing the processed data through automated systems, To request compensation for the damage you have suffered in case you suffer damage due to the unlawful processing of your personal data. You can submit these requests to our company free of charge using the method specified below in accordance with the application circular:

• The wet-signed application form must be sent to our company’s registered office By submitting it in person to “Ramazanoglu Mah. Sanayi Cad. No.13 Pendik/ İstanbul” and presenting a valid ID
• By sending the wet-signed application form to our company’s headquarters “Ramazanoglu Mah. Sanayi Cad. No.13 Pendik/ İstanbul” via a notary
• By sending the application form signed with a “secure electronic signature” within the scope of the Electronic Signature Law No. 5070 to the address yildizmetal@hs03.kep.tr kep or the e-mail address yildiz.erdogan@yildiz-metal.com

In applications; name, surname, signature if the application is in writing, Turkish Republic Identity Number for citizens of the Republic of Turkey, nationality for foreigners, passport number or ID number if any, residence or workplace address for notification, e-mail address for notification if any, telephone and fax number, and the subject of the request must be included. Information and documents related to the subject are also attached to the application. (Deputies can also apply with a power of attorney containing special authority) The requested matter must be clear and understandable, the matter you request must be related to you or if you are acting on behalf of someone else, you must be specifically authorized in this matter and your authority must be documented, the application must include your identity and address information and documents proving your identity must be attached to the application. Applications you make within this scope will be finalized in the shortest possible time frame and within a maximum of 30 days. The applications in question are free of charge. However, if the process requires an additional cost, the fee determined by the KVK Board may be charged. In accordance with Article 14 of the KVKK, if your application is rejected by our Company, if you find our response insufficient or if we do not respond to your application on time; you can file a complaint with the KVK Board within thirty days from the date you learn of our Company’s response and in any case within sixty days from the date of application.

OTHER MATTERS

In case of inconsistency between the provisions of the KVKK and other relevant legislation and this Policy, the provisions of the KVKK and other relevant legislation will be applied first. We would like to remind you that we may make updates to this Policy due to the provisions of the legislation that may change over time and the changes that may occur in our company policies. Yıldız Metal San. Ve Tic. A.Ş
Tax Number: 9530394042
Address: Ramazanoglu Mah. Sanayi Cad. No.13 Pendik/ İstanbul