Information on the Protection of Personal Data Law
1. Chapter: INTRODUCTION
Protection of personal data is one of the most important priorities of our Company. The most important step of this issue is protection and processing of personal data of our customers, potential customers, candidate personnel, company shareholders, company authorities, our visitors, employees, shareholders, authorities of organizations we are in collaboration and third parties being administered with this policy.
This Policy set forth the principles to be adopted and considered in practice by Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi on the subject of processing and protection of personal data. This Policy set forth the requirements to be fulfilled by Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi and determines the basic principles concerning how the regulations specified in the Personal Data Protection Law (PDPL) No. 6698 will be complied with. In this scope, necessary administrative and technical measures are taken by Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi for protection of personal data being processed by the relevant legislation.
The main aim of this Policy is to make some explanations about the activity of processing personal data lawfully by Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi and the systems being adopted for protecting personal data. In this scope, people whose personal data is processed by Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi, primarily our customers, potential customers, candidate personnel, company shareholders, company authorities, our visitors, employees, shareholders, authorities of organizations we are in collaboration and third parties shall be informed and transparency shall be ensured.
This Policy is related with all personal data of our customers, potential customers, candidate personnel, company shareholders, company authorities, our visitors, employees, shareholders, authorities of organizations we are in collaboration and third parties being processed automatically or in non-automatic ways as a part of any data recording system.
This Policy may be amended by the approval of the board of directors if required by PDP Regulations or in cases found necessary by the Data Supervisor of the Company.
1.4. Enforcement of the Policy
The Policy being regulated by our Company shall be updated if the whole Policy or some articles of this are renewed.
The Policy is published on our company web site and presented to access by relevant persons upon request of personal data owners.
Express Consent: Implies consent based on information about a certain subject and explained with free will.
Anonymization: Implies amendment of personal data in a way personal data loses the nature of personal data and this situation is irrevocable. For example: Rendering personal data in a form not relatable with a real person by means of some techniques like masking, consolidation, data contamination etc.
Candidate Personnel: Implies real persons who made a job application in any way to our company and opened their relevant information to investigation of our Company.
Employees, Shareholders, Authorities of Organizations we are in Collaboration: Imply the real persons working in organizations our company has all kinds of business relations (including but not limited to business partners, suppliers) including shareholders and officers of these organizations.
Personal Data Owner: Implies real person whose personal data is being processed. For example; Customers and employees.
Personal Data: All kinds of information with respect to the real person who is identified or identifiable. Therefore, processing of information owned by legal entities is not possible in scope of the Law. For example; name-last name, TR ID No., e-mail, address, date of birth, credit card number etc.
Customer: Real persons who use or have used products and services provided by our company.
Special Nature Data: Data related with race, ethnic origin, political thought, philosophical belief, religion, order or other beliefs, dress and appearance, association, foundation or union membership, health, sexual life, criminal sentence and safety measures and biometric and genetic data are special nature data.
Potential Customer: Implies real persons who have potential of doing business with our company, who want to work, have purchasing power but we have not accessed yet, if accessed we have not sold anything yet
Company Shareholder: Implies the real persons who are our company shareholders.
Company Officer: Board of Directors members and other authorized real persons of our company.
Data Processor: Implies the real and legal entities that process personal data based on the authority given by the data supervisor on behalf of him/her. For example; Digital marketing companies working with our company etc.
Visitor: Real Persons who have entered physical premises owned by our company or visited our web sites for different purposes.
2. Chapter: PROVISIONS WITH RESPECT TO PERSONAL DATA PROTECTION
Our company takes necessary technical and administrative measures for ensuring appropriate safety level and performs or makes performed necessary supervisions in this scope in order to prevent unlawful processing of personal data it is processing in accordance with Article 12 of PDP Law, prevent unlawful access to data and ensure preservation of data.
2.1. Ensuring Safety of Personal Data
2.1.1. Technical and Administrative Measures for Lawful Processing and Protection of Personal Data
Our company takes technical and administrative measures according to technological possibilities and implementation cost in order to ensure lawful processing of personal data, prevent disclosure, access, transfer personal data in an imprudent or unauthorized way or all unlawful access in other ways, ensure storage of personal data in safe environment and prevent destruction, loss or alteration of them for unlawful purposes.
All processes with respect to data processing activities within Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi are analyzed on the basis of business units. In this scope, a “personal data processing map” has been created.
In accordance with the personal data processing map, things to be performed in order to ensure compliance with laws have been determined as unit based.
Personal data processing processes developed should be supervised with technical system to be developed and reported to relevant bodies.
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi employees have been informed on the subject of processing personal data in compliance with laws and sanctions of unlawful data processing.
Regular supervisions are performed in order to ensure awareness in employees. Necessary administrative measures are implemented by means of Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi internal policies and trainings.
Some records are put on the contracts and documents which administer the legal relationship between Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi employees, subsidiaries, business partners, suppliers and customers, privacy of shared personal data and the way how they should be processed and stored.
Access to personal data is restricted with employees who are appointed for the purpose of processing this data. Access of employees to personal data they do not use in accordance with your job is restricted.
Relevant personnel are employed in technical issues.
Technological compliant technical measures have been taken and these measures are periodically updated to prevent access to the systems and locations where personal data is stored.
Access and authorization technical processes have been designed and put in practice in accordance with business unit based legal compliance requirements by Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi.
The technical measures taken are periodically reported to relevant body. Technological solution is generated for the issues having safety risk.
Relevant software and systems including software and hardware which contain virus protection systems and fire walls are being established.
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi employees are educated on the subject of technical measures taken in this scope and personnel informed about technical subjects are employed.
Commitment of Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi employees is received to ensure them to agree not to disclose personal data they have learned to others and for other purposes than the aim of processing contrary to PDPL provisions. This commitment shall continue to be effective after employees leave their job.
Some provisions with respect to taking necessary safety measures for the purpose of protecting personal data have been included in the agreements drawn up with the parties to which the personal data is transferred by Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi.
Some systems in compliance with technological developments are used to store personal data in a safe environment.
Personnel specialized in technical subjects is employed.
Technical safety systems for storage areas are established, technical measures taken are reported to relevant bodies in accordance with the internal supervision mechanism periodically, the issues posing a risk are reevaluated and necessary technological solutions are generated.
Backup programs are used in a legal way in order to ensure safe storage of personal data.
Employees are trained on the subject of safely storing personal data.
In case an external service is received by reason of technical requirements on the subject of personal data storage, some provisions concerning that people who are transferred personal data shall take safety measures in order to protect personal data an compliance with these measures shall be ensures in their organizations will be included in agreements drawn up with relevant firms to which personal data is transferred legally.
2.1.2. Supervision of Measures Taken on the Subject of Personal Data Protection
Our company makes necessary supervisions within itself in accordance with Article 12 of PDP Law. Results of these supervisions are reported to the department concerning the subject and necessary actions are taken for improvement of such measures in scope of internal functioning of the Company.
2.1.3. Measures to be Taken In case of Unauthorized Disclosure of Personal Data
Our Company executes the system that ensures notification of the relevant situation to the relevant personal data owner and the PDP Board as soon as possible in case personal data processed in accordance with Article 12 of the PDP Law is obtained by other in illegal ways.
This situation may be announced on the web site of the PDP Board or via another method if the PDP Board finds necessary.
2.2. Protection of Rights and Evaluation of Requests of Data Owners
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi executes the necessary channels, internal functioning, administrative and technical regulations in accordance with Article 13 of PDP Law in order to ensure evaluation of the rights of personal data owners and for making necessary information to personal data owners.
If personal data owners notify their requests with respect to the rights specified in the PDP Law to our Company in written form, our Company shall conclude the request as soon as possible and at the latest 30 days free of charge depending on the nature of request. However, if the process requires an extra cost, the charge given in the tariff specified by the PDP Board shall be received by our Company.
Data supervisor shall accept the request or reject by explaining the reason and then notifies the response to the relevant person in written form or at electronic media. If the request stated in application is accepted, the necessary action is taken by the data supervisor. If the application results from a mistake of data supervisor, any charge received shall be returned to the relevant person.
3. Chapter: Considerations WITH RESPECT TO processing PERSONAL DATA
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi performs the activity of data processing in accordance with laws and good faith rules on the subject of processing personal data in accordance with Article 4 of the PDP Law. Our company preserves personal data for a period specified in the laws or required by the purpose of personal data processing.
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi processes personal data based on one or several conditions of Article 5 of the PDP Law with respect to processing of personal data in accordance with Article 5 of PDP Law.
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi clarifies personal data owners and makes necessary information when requested by personal data owners in accordance with Article 10 of the PDP Law.
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi acts in accordance with the regulations specified in terms of processing of special nature personal data in accordance with Article 6 of PDP Law.
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi acts accordingly with the regulations specified in the laws and set forth by the PDP Board on the subject of transferring personal data in accordance with Articles 8 and 9 of the PDP Law.
3.1. Processing of Personal Data In Accordance with the Principles Specified in the Legislation
3.1.1. Processing in Accordance with the Law and Good Faith
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi acts in accordance with the principles put in with legal regulations and general trust and good faith rule in processing of personal data. In this scope, our Company takes into account requirements of proportionality in processing of personal data and do not use personal data out of requirements of its purpose.
3.1.2. Ensuring Personal Data being Correct and Up-to-Date when Required
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi ensures personal data it processes being correct and up-to-date by considering fundamental rights of personal data owners and its own legitimate benefits and it takes necessary measures in this direction.
3.1.3. Processing for Certain, Open and Legitimate Purposes
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi processes personal data for certain, open and legal reasons. In this scope, Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi should determine the purposes for which personal data of companies would be processed and should submit these purposes for information of data owners before processing personal data. Personal data should not be processed out of specified purposes. Data processing purposes determined by Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi should be legitimate and lawful.
3.1.4. Being Connected, Limited and Measure with the Purpose of Processing
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi processes personal data in a way convenient for fulfillment of specified purposes and avoids from processing of personal data not relevant with fulfillment of this purpose or not required. For example, any personal data processing activity orienting to satisfaction of necessities which would possibly arise is not performed.
3.1.5. Protection for a Period Specified in the Relevant Legislation or for the Purpose of being Processed
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi preserves personal data for a period specified in the relevant legislation or required for the purpose of being processed. In this scope, it determines whether or not a period has been specified for storage of personal data in the relevant legislation, complies with this period, if exist any period specified and stores personal data for a period required for the purpose of processing them if any period is not specified.
3.2. Personal Data Being Processed by our Company
3.2.1. Which Personal Data We are Processing
Your personal data and special character personal data concerned to be processed by us if you share with us or it is necessary are as follows:
Personal Data such as Name, Last Name, Place of birth, Date of birth, Gender, Marital Status, Photograph, Home Phone Number, Mobile Phone Number, Personal e-mail address, Identity Details, Address, Surveys, Photographs, video records in scope of form completion and contests and all kinds of other personal data you shared with us in any way through above specified channels, information with respect to make you benefit from property and services we provide, automatic calling machines, audio and video recording devices, personal data gathered automatically via cookies or other means, social networking instruments, updated information shared by our business partners, suppliers and other third parties with us based on your previous permission, site view details, searched terms and search results, charged listing, sponsored connections.
3.2.2. How Would Your Personal Data be Processed
In accordance with the Personal Data Protection Law No. 6698; all kinds of processes performed on data acquirement, recording, storage for a period necessary for the purpose of processing, preservation, alteration, rearrangement, disclosure, transfer, taking over, making acquirable, classification or prevention of usage of your personal data and special nature personal data you share with our Company in a way totally or partially automatic or a non-automatic way provided that being a part of any data recording system may be performed by us in the Capacity of Data Supervisor.
3.3. Clarification and Information for Personal Data Owner
Our Company clarifies personal data owners in the course of obtaining personal data in accordance with Article 10 of PDP Law. In this scope, it makes clarification about the purpose for which personal data may be processed, the parties and purposes to which processed data may be transferred, the method and legal reason of gathering personal data and the rights of personal data owner.
The right to “request information” is also included in the rights of personal data owner in Article 11 of the PDP Law. Our company makes necessary information if the personal data owner requests information in accordance with this scope.
3.4. Purposes of Processing Personal Data
Our company processes personal data in a way restricted with the purposes and requirements within personal data processing conditions specified in the Personal Data Protection Law No. 6698, Article 5, paragraph 2 and Article 6, paragraph 3. These purposes and requirements include;
If the activity to be performed by our Company with respect to processing of your personal data is expressly specified in the Laws,
If processing of your personal data by our Company is directly related with and necessary for drawing up or executing an agreement,
If processing of your personal is obligatory for fulfillment of any legal liability of our Company,
If your personal data is processed by our Company in a way restricted with the person of publicity provided that you have publicized your personal data,
Processing of your personal data by our Company is obligatory for establishment, utilization or protection of the rights of our Company or you or third parties,
Performing the activity of personal data processing is obligatory for legitimate benefits of our Company provided that your fundamental rights and freedoms are not damaged,
Performance of the activity of personal data processing by our Company is obligatory for protection of life or physical integrity of personal data owner or any other person and the fact that personal data owner is in a situation he/she is not able to declare consent by reason of actual impossibility or legal invalidity,
Processing of personal data of personal data owner instead of his/her health and sexual life is specified in the laws,
Special nature personal data of personal data owner with respect to his/her health and sexual life is required to be processed by individuals under obligation of confidentiality or authorized organizations and establishments for the purpose of protection of public health, preventive medicine, medical diagnosis, treatment and care services, healthcare services and planning and management of their funding.
In direction of performance of necessary efforts by our relevant business units for fulfillment of commercial activities being performed by the company and execution of business processes related with this;
Planning and execution of business activities and actions of providing business continuity,
Planning and execution of customs operations, production and/or operation processes,
Following-up of finance and/or accounting works,
Effectiveness method,
Providing authorized bodies information based on legislation,
Planning and execution of corporate communication activities,
Planning and execution of supply chain management and logistic activities,
Planning and execution of production and/or operation processes
Planning and execution of information access authorizations of business partners and/or suppliers
In direction of performance of necessary works by our business units and execution of relevant business processes in order to ensure relevant persons to benefit from products and services provided by the company;
Planning and execution of customer relations management processes,
Following-up customer requests and/or complaints,
Planning and execution of marketing processes or products and/or services,
Planning and/or execution of after-sale support service activities,
Following-up of contract processes and/or legal requests, creation and monitoring of customer insuring process,
In direction of performing necessary actions for customizing products and services provided by our company according to like, usage habits and needs of personal data owners and advising for them;
Planning and execution of market research activities for sale and marketing of products and services,
Sale and after-sale operations and purchasing operations,
Planning and/or execution of the processes of creating and/or improving loyalty to products and/or services provided by the company,
In direction of ensuring execution of human resources policies of our company;
Performing obligations within the framework of occupational health and safety and taking necessary actions for this,
Evaluation of job applications by our Company in compliance with Human Resources Policies,
Fulfillment of labor contract and/or legislation based obligations for company employees,
Performance of personnel job entrance-exit procedures,
Evaluation of wage-performance process,
Management of wages and payrolls,
Planning and/or execution of on-the-job training activities,
Execution of other human resources operations,
In direction of providing legal and commercial safety provision of our company and individuals who have business relationship with our company;
Following-up legal works of our company,
Planning and execution of operation activities necessary for fulfillment of company activities in accordance with company procedures and/or relevant legislation,
Creation and following-up of visitor records,
Ensuring safety of company premises and/or premises,
Ensuring safety of company fixtures and/or resources,
Ensuring safety of company operations,
Planning and execution of emergency management processes,
Planning and/or execution of financial risk processes of the company,
In direction of determination and implementation of commercial and business strategies of our company;
Financial operations, communication, market research and social responsibility activities, purchasing operations, product/project/manufacturing/investment quality processes and operations being performed by our company,
Internal system and application management operations,
Planning and/or execution of external training activities,
Purposes like management of relations with business partners and/or suppliers.
If the personal data owner does not declare express content, it shall not mean that all personal data processing activities may not be performed by our relevant business units included in above purpose; but it shall mean personal data processing activities out of personal data processing activities in scope of the same purpose and of our relevant business units orienting to this purpose which do not require express consent of personal data owner specified in the first paragraph may not be performed.
3.5. Processing of Special Character Personal Data
The regulations specified in PDP Law are carefully complied with in processing of personal data specified as “special character” with the PDP Law by our Company.
Some personal data carrying the risk of causing unjust suffering or discrimination of individual when committed unlawfully in Article 6 of the PDP Law has been determined as “special nature”. This data includes those related with race, ethnical origin, political thought, philosophical belief, religion, order or other beliefs, dress and appearance, association, foundation or union membership, health, sexual life, criminal sentence and safety measures and biometric and genetic data.
3.7.1. Transfer of Personal Data
Our company may transfer personal data to third parties based on and limited with one or several conditions of personal data processing specified in Article 5 of the said Law listed below in direction of legitimate and lawful purposes of processing data:
If the personal data owner has express consent;
If there is a clear regulation concerning that personal data may be transferred,
If this is obligatory for protection of life or physical integrity of personal data owner or any other person and the fact that personal data owner is in a situation he/she is not able to declare consent by reason of actual impossibility or legal invalidity or his/her consent is not given legal validity;
If the transfer of personal data belonging to parties of a contract is necessary provided it is directly related with establishment or execution of the contract,
If the personal data transfer is obligatory for fulfillment of legal liability of our company,
If the personal data has been publicized by the personal data owner,
If the personal data transfer is obligatory for establishment, usage or protection of a right,
If the personal data transfer is obligatory for legitimate benefits of our Company provided this does not damage fundamental rights and freedoms of the personal data owner.
3.7.2. Transfer of Special Nature Personal Data
Our company may transfer special nature data of personal data owner to third parties by taking necessary care, taking necessary safety measures and sufficient measures specified by the PDP Board in the following circumstances.
If the personal data owner has express consent or
If the personal data owner does not have express consent, then;
In circumstances specified in the laws, special nature personal data of the personal data owner instead of his/her health and sexual life (race, ethnic origin, political thought, philosophical belief, religion, order or other beliefs, dress and appearance, association, foundation or union membership, health, sexual life, criminal sentence and safety measures and biometric and genetic),
Special nature personal data of personal data owner with respect to his/her health and sexual life may only be processed by individuals under obligation of confidentiality or authorized organizations and establishments for the purpose of protection of public health, preventive medicine, medical diagnosis, treatment and care services, healthcare services and planning and management of their funding.
3.7.3. Use of Web site Cookies
Web sites belonging to Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi are the sites which use cookies. Cookie is a file that allows detection of a device being used by being stored on internet browser or hard disk of the said device, which is mostly composed of letters and numbers.
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi web sites store cookies; details it collects by means of log files, empty gif files and/or third party sources in order to create a summary about your preferences.
We use two kinds of cookies throughout our sites including session cookies and persistent cookies. Session cookies are temporary and only valid until you close your browser. Persistent cookies remain in your hard disk until you delete them or their term expires (the period for which the cookies will remain on the device depends on “lifetime” of cookies).
Web site cookies are used to remember your preferences and customize your web site/mobile application usage. This usage includes cookies which save your password and ensure your web site/mobile application session remain open continuously, by this way keep you from entering password for several times in every visit and the cookies which remember and know you in your next visits in the web site/mobile application.
They are used to determine how you use the web site/mobile application including measurement of your use in web site/mobile application like the place where you connect to the web site, the content you display on web site/mobile application and the period of your visit.
Web site cookies may also be used to put “advertisement technology” into practice in order to present you advertisements it suggests that you will be interested when you visit search engines, web sites, mobile applications and/or internet sites in which the web site gives advertising. Advertisement technology uses the details related with your previous visits in web sites/mobile application and web sites/mobile applications in which the web site gives an advertisement in order to present advertisements customized for you. A unique third party cookie may be placed on your browser in order to ensure the web site to recognize you while presenting advertisements.
Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi also uses Google Analytics that is a web analysis service provided by Google, Inc. Google Analytics uses cookies in order to analyze how users use the web site, the mobile application and/or mobile site with statistical information/reports.
You can use the possibility of allowing and rejecting cookies by
using the following methods:
|
Google Chrome |
You can allow or block cookies on
“Cookies” tab by clicking on “key sign” on address section of your browser. |
|
Internet Explorer |
You can manage cookies as “allow” or “do
not allow” by clicking of security tab on the “Settings” section located at
upper right of your browser. |
|
Mozilla Firefox |
Click “open menu” tab located at upper
right corner of your browser. By clicking “Options” view, using “Privacy and
Security” button, you can manage cookies. yönetebilirsiniz. |
|
Opera |
You can perform cookies management on
“Cookies” section by choosing “Advanced” on “Preferences” section of your
browser. |
|
Safari |
You can perform all cookies management on
“Privacy and Security” Section by choosing “safari” tab at your phone’s
“Settings” section. |
If you reject persistent cookies or session cookies, you can continue to use the web site, mobile application and mobile site but you may not access to all functions of the web site, mobile application and mobile site and your access may be restricted.
Details about cookies existing in our web site are given in the following tables:
Functional and Analytical Cookies contain data with respect to remember your preferences, effective use of web site, optimization of the site in a way responding to user requirements and the way how visitors use the site. Such kinds of cookies in nature may contain your personal data like user name etc.
|
Media |
Purpose of Using Cookies |
Type of Cookies |
|
Google (analytics, adwords, doubleclick, adform) |
Computation, Advertisement, In-site Improvement |
Functional and analytical cookies Commercial cookies |
|
Facebook & Instagram, Youtube, Tiwitter, Linkedin |
Advertisement |
Commercial cookies |
|
Insider |
Computation Advertisement, In-site Improvement |
Functional and analytical cookies Commercial cookies |
|
Hotjar |
Computation, In-site Improvement |
Functional and analytical cookies Commercial cookies |
|
Third party firms (admatic, , taboola, biddablead, v,dout,adventure, advancenative, performics, programatik, criteo etc.) |
Advertisement |
Functional and analytical cookies Commercial cookies |
3.8. Period of Storing Personal Data
Our company stores personal data if specified in the relevant laws and legislations for a period specified in these legislations.
If any period is not regulated in the legislation for storage of personal data, then the personal data is processed for a period required to be processed, then deleted and anonymised in accordance with our Company practices and customs of commercial life depending on the services provided by our Company while processing this data.
If the purpose of processing personal data has ended; period of storage determined by the relevant legislation and the Company has expired; personal data may only be stored in order to claim the relevant right or establish the defense in case of possible legal disputes. Timeout periods for claiming the said right and storage periods based on the examples in requests sent to our Company previously in the same subjects even though timeout periods expired are determined in establishment of the periods stated here. In this case, personal data stored is not accessed for any other purpose and access to relevant personal data is only provided when required to be used in relevant legal dispute. Personal data is deleted, destroyed or anonymised after the period stated here has expired.
3.9. Deletion, Destroying and Anonymization of Personal Data
As regulated in Article 7 of the PDP Law, personal data is deleted, destroyed or anonymized pursuant to our Company’s own decision or request of personal data owner if the reasons of processing them have disappeared even though they were processed in accordance with the relevant law provisions. In this scope, our Company fulfills its relevant liability with the methods described in this chapter.
Our Company may delete or destroy personal data pursuant to its own decision or request of personal data owner if the reasons of processing them have disappeared even though they were processed in accordance with the relevant law provisions. The circumstances which require deleting, destroying personal data are followed-up by the data supervisor and committee.
Anynomization of personal data means that personal data is turned into a situation that may never be correlated with any identified or identifiable real person even by being matched with other data. Our company may anonymize personal data when the reasons requiring to process personal data being processed lawfully disappear.
4. Chapter: THIRD PARTIES to which PERSONAL DATA is transferred by OUR COMPANY and the Purposes of Transfer
Our company notifies individual groups to which personal data is transferred to the personal data owner in accordance with Article 10 of PDP Law.
Our company may transfer personal data of customers to following listed individual categories in accordance with Article 8 and 9 of PDP Law:
Including Europrotel ,Kripto Bilişim, Gymsoft, Logo , GMS Net, Outlook, Wyndham Rewards,Artin Bilişim
Our main shareholders,
Affiliated companies,
Group companies,
Direct/indirect domestic/foreign subsidiaries;
Program partner organizations, domestic/foreign institutions we receive service and cooperate in order to carry out our activities,
Business partners,
Suppliers,
Organizations from which we receive service,
Domestic and foreign servers we use,
Domestic/foreign institutions from which we receive cloud service,
Individuals and organizations which process data and gives computation, targeting, profiling support on behalf of data supervisor,
Supervision Companies,
Advertisement and publicity agents,
Public enterprises and organizations and other 3rd parties due to the existence of legal obligation.
5. Chapter: PERSONAL DATA PROCESSING ACTIVITIES held in BUILDING PREMİSES ENTRANCES and BUILDING PREMİSES
Personal data processing activities held by our company in building premises entrances and in premises are carried out in accordance with the Constitution, PDP Law and other relevant legislation.
Personal data processing activity is performed for monitoring with security camera and following-up guest entries and exits in our Company buildings and premises in order to ensure safety by our company.
Our Company carries out the personal data processing activity by use of security cams and recording guest entries and exits.
In this scope, our Company acts in accordance with the Constitution, PDP Law and other relevant legislation.
5.1. Camera Monitoring Activity Performed in our Building, Premises Entrances and Indoor Areas
This chapter explains our Company’s system of monitoring with camera and informs how personal data, privacy and fundamental rights of individuals are protected.
Our company has the purposes of improving the quality of service being provided, ensuring its reliability, ensuring safety of company, customers and other individuals and protecting benefits of customers related with the service they receive in scope of security camera monitoring activity.
5.1.1. Legal Basis of Camera Monitoring Activity
Camera monitoring activity being performed by our company is carried out in accordance with the Law on Special Security Services and the relevant legislation.
5.1.2. Performance of Security Camera Monitoring Activity in accordance with PDP Law
Our Company acts in accordance with the regulations given in PDP Law in performing activity of camera monitoring for security purpose.
Our company carries out security camera monitoring activity for the purposes specified in the laws and in accordance with personal data processing conditions in order to ensure security in its building and premises.
5.1.3. Announcement of Camera Monitoring Activity
Personal data owner is clarified by our company in accordance with Article 10 of PDP Law.
By this way, it is aimed to prevent damage in fundamental rights and freedoms of personal data owner, ensure transparency and clarify personal data owner.
5.1.4. Aim of Performing Camera Monitoring Activity and Restriction with the Aim
Our Company processes personal data related, restricted and measured with the aim of processing them in accordance with Article 4 of the PDP Law.
The aim of performing video camera monitoring activity by our company is restricted with the aims listed in this Policy. In this direction, monitoring areas, number and monitoring time of security cameras are put into practice as sufficient to achieve security purpose and restricted with this purpose. Monitoring is not made in areas which may cause intervention in personal privacy in a way exceeding security purposes (e.g. toilets).
5.1.5. Ensuring Safety of Acquired Data
Technical and administrative measures required to ensure safety of personal data acquired as a result of camera monitoring activity are taken by our company in accordance with Article 12 of the PDP Law.
5.1.6. Period of Preserving Personal Data Acquired with Camera Monitoring Activity
Detail information about period of preserving personal data acquired with camera monitoring activity by our company is given in Article entitled as Period of Storing Personal Data of this Policy.
5.1.7. The Parties who can Access to Information Acquired as a result of Monitoring and to who This Information is Transferred
The records recorded and stored in digital media are only accessed by limited number of Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi employees. Live camera images may only be watched by security officers externally procuring service. Limited number of individuals who have access to records declare that they will protect privacy of data being accessed with the declaration of privacy.
5.2. Monitoring of Guest Entries and Exits in the Building, Premises Entrances and Indoor Areas
Our Company carries out the personal data processing activity for monitoring guest entries and exits in Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi buildings and premises in order to ensure security and for purposes specified in this Policy.
Names and last names of individuals who visit Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi buildings as a guest are acquired or the said personal data owners are clarified in this scope by means of texts presented for the access of guests in other ways. Data acquired with the aim of guest entrance-exit monitoring is processed only for this purpose and the relevant personal data is recorded in the data recording system in physical media.
5.3. Storage of Records with respect to Internet Access Provided for our Visitors in Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi buildings and premises
Any visitors who request may be provided internet access by our Company for the period they stay in our Buildings and Premises for the aim of ensuring security by our Company and for purposes specified in this Policy. In this case, log registrations about you internet access are recorded in accordance with the Law No. 5651 and mandatory provisions of the legislation regulated with this Law; these records are only processed in order to fulfill our legal liability with respect to supervision processes to be performed in the Company or if requested by the authorized public institutions and organizations.
Log records acquired in this framework may only be accessed by limited number of Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi employees. Company employees who have access to the said records may access to these records only to use in request or supervision processes coming from the authorized public institution and organization and share with legally authorized parties. Limited number of individuals who have access to records declare that they will protect privacy of data they access with the declaration of privacy.
6. Chapter: The Rights of PERSONAL DATA OWNERS; Utilization and EVALUATION of These Rights
Ur Company declares personal data owners about their rights and direct them about the way how these rights may be utilized in accordance with Article 10 of the PDP Law. Our Company carries out required channels, internal functioning, administrative and technical regulations in accordance with Article 13 of the PDP Law in order for evaluation of the rights of personal data owners and making necessary information to personal data owners.
6.7. Rights of Data Owner and Utilization of these Rights
6.7.1. Rights of Personal Data Owner
The Personal Data Protection Law No. 6698 Article 11 entered into force by October 07 of 2016 and your rights effective beginning from this date are as follows. Everyone has the right to;
Learn whether or not his/her personal data is being processed,
Request information about this if the personal data is processed,
Learn about the aim of processing personal data and whether or not the same is utilized in compliance with the aim,
Know about third parties to which personal data is transferred at home and abroad,
Request for correction if personal data has been processed deficiently or wrongfully,
Request to delete or destroy personal data within the framework of conditions specified in Article 7,
Request declaration of processes performed in accordance with paragraphs (d) and (e) to third parties to which the personal data has been transferred,
Object for any conclusion raised against the person by means of analyzing the processed data exclusively by means of automatic systems,
Request for indemnification of a loss in case of suffering by reason of unlawful processing of personal data by applying to the Data Supervisor.
6.7.2. Circumstances in Which Personal Data Owner May not Claim his/her Rights
Personal data owners may not claim their rights listed on the following circumstances because they are excluded from the scope of the PDP Law in accordance with Article 28 of the PDP Law:
Processing of personal data for research, planning and statistical purposes by means of anonimization with official statistics.
Processing of personal data for art, history, literature of scientific purposes or in scope of freedom of expression provided that they do not threaten national defense, national security, public safety, public order, economic safety, right to privacy or personality rights or do not constitute a crime.
Processing of personal data for preventive, protective and informative actions being performed by public institutions and organizations entrusted and authorized to ensure national defense, national security, public safety, public order, economic safety.
Processing of personal data by judicial authorities or execution bodies with respect to investigation, proceedings, judging or execution procedures.
Personal data owners may not claim other rights rather than the right to request indemnification of loss in the following listed circumstances in accordance with article 28/2 of the PDP Law:
If personal data processing is required for prevention of commitment of a crime or criminal investigation.
Processing of personal data anonymized by the personal data owner.
If the personal data processing is required for disciplinary proceeding or prosecution by fulfillment of supervision or regulation duties by public institutions and organizations and professional organizations in nature of public institution entrusted and authorized based on the authority given by the law.
If the personal data processing is required for protection of economic and financial benefits of the State with respect to budget, tax and financial issues.
6.7.3. Utilization of the Rights of Personal Data Owner
In accordance with Article 13, paragraph one of the PDP Law; any application to be made to our Company as the Data Supervisor must be submitted to us in written form or other methods specified by the Personal Data Protection Board (“the Board”). In this framework, applications to be made to our Company in “written form” shall be submitted to us,
By personal application of the applicant,
By means of public notary,
By being sent to the Company’s registered electronic mail address by being signed by “safe electronic signature” defined in the Electronic Signature Law No. 5070 by the Applicant. Our contact details are as follows to make you use this right.
Trade Name: Kempaş Turizm Ve Otelcilik
Tekstil Sanayi Ticaret Limited Şirketi
Mersis (Central Registration system) no : 0544 0593 9800 0018
E-mail address: info@ramadausak.com
Mail address: Fevzi Çakmak Mah. Gazi Bulv. No 44 Uşak/Merkez
6.7.4. Personal Data Owner’s Right to Make a Complaint to the PDP Board
Personal data owner may make a complaint to the PDP Board within thirty days beginning from the date when he/she is informed about the response of our Company and sixty days beginning from application date in any circumstance in cases the application is rejected, response is found insufficient or any response is not made to the application in the relevant term in accordance with Article 14 of the PDP Law.
6.8. Responses of Kempaş Turizm Ve Otelcilik Tekstil Sanayi Ticaret Limited Şirketi to Applications
6.8.1. Method and Period of Responding to Applications by our Company
If the personal data owner duly submits his/her request to our Company, our Company shall conclude the request as soon as possible and at the latest 30 days free of charge depending on the nature of request.
However, if the process requires an extra cost, the charge given in the tariff specified by the PDP Board shall be received by our Company.
6.8.2. The Information which may be Requested by Our Company from the Personal Data Owner
Our Company may request information from the relevant person in order to determine whether or not the applicant is the personal data owner.
Our Company may address a question to the personal data owner with respect to his/her application in order to clarify the issues included in the application of the personal data owner.
6.8.3. Our Company’s Right to Reject the Personal Data Owner’s Application
Our Company may reject application of the applicant by explaining its reason in below listed circumstances:
Processing of personal data for research, planning and statistics purposes by being anonymized with official statistics.
Processing of personal data for art, history, literature of scientific purposes or in scope of freedom of expression provided that they do not threaten national defense, national security, public safety, public order, economic safety, right to privacy or personality rights or do not constitute a crime.
Processing of personal data for preventive, protective and informative actions being performed by public institutions and organizations entrusted and authorized to ensure national defense, national security, public safety, public order, economic safety.
Processing of personal data by judicial authorities or execution bodies with respect to investigation, proceedings, judging or execution procedures.
If personal data processing is required for prevention of commitment of a crime or criminal investigation.
Processing of personal data anonymized by the personal data owner.
If the personal data processing is required for disciplinary proceeding or prosecution by fulfillment of supervision or regulation duties by public institutions and organizations and professional organizations in nature of public institution entrusted and authorized based on the authority given by the law.
If there is the possibility that personal data owner’s request may prevent rights and freedoms of other individuals
7. Chapter: COMPANY’S PERSONAL DATA PROTECTİON and Processing GOVERNANCE Principles
A management structure has been established to ensure acting by our Company in accordance with the PDP Law regulations and enforcement of the Policy on Personal Data Protection and Processing.
A “Personal Data Protection Committee” was established in accordance with decision of the Company’s top management in order to manage this Policy and other policies related and connected with this Policy. Duties of this committee are specified below.
Prepare the main policies with respect to Protection and Processing of Personal Data and submit this to approval of top management for enforcement.
Decide how the implementation and supervision of policies with respect to Personal Data Protection and Processing shall be performed and make an internal appointment within this framework and submit the issues of ensuring coordination to approval of the top management.
Determine the issues required to be performed in order to ensure compliance with the Personal Data Protection Law and the relevant legislation and submit the duties required to be fulfilled to approval of the top management; supervise their implementation and ensure coordination.
Improve awareness within the Company and the organizations with which the Company is in collaboration on the subject of Protection and Processing of Personal Data.
Determine possible risks to arise in the personal data processing activities of the Company, ensure taking necessary measures; submit improvement recommendations to approval of the top management.
Design trainings on protection of personal data and implementation of policies and ensure their execution.
Conclude applications of personal data owners to the highest possible extent.
Coordinate performance of information and training activities in order to ensure personal data owners to be informed about their personal data processing activities and legal rights.
Prepare amendments in the fundamental policies with respect to Personal Data Protection and Processing and submit them for approval of the top management to be enforced.
Follow-up developments and regulations about Personal Data Protection; make recommendations to the top management about duties required to be performed within the Company in accordance with these developments and regulations.
Coordinate the relations with the Personal Data Protection Board and Authority.
Execute other duties to be assigned by the Company’s top management with respect to personal data protection.