MUYA POLYURETHANE KAUÇUK IND. AND TRADE Inc.

POLICY ON PROTECTION AND PROCESSING OF PERSONAL DATA 

 CONTENTS

 

  1. PURPOSE AND SCOPE OF THE POLICY
  2. DEFINITIONS
  • PRINCIPLE ON THE PROCESSING OF PERSONAL DATA
  1. PERSONAL DATA PROCESSING TERMS AND EXCEPTIONAL CASES
  2. PERSONAL DATA CLASSIFICATION
  3. ENSURING THE SECURITY OF PERSONAL DATA
  • PERSONAL DATA PROCESSING PURPOSES
  1. In Terms of Security Camera Application in the Workplace
  2. Regarding Personal Data of Customers, Potential Customers and Business and Solution Partners
  3. In Terms of Personal Data of Visitors
  4. Regarding Personal Data of Employee Candidates
  5. In Terms of Personal Data Belonging to Employees
  6. Regarding Personal Data of Subcontractors
  • TRANSFER OF PERSONAL DATA DOMESTIC AND ABROAD
  1. DESTRUCTION OF PERSONAL DATA
  2. RIGHTS OF PERSONAL DATA OWNER
  3. CLOSING PROVISIONS

  1. PURPOSE AND SCOPE OF THE POLICY

 

In order to comply with the Personal Data Protection Law No. 6698 (“KVKK” ) published in the Official Gazette No. 29677 dated 07.04.2016 and the relevant legal regulations, the procedures and principles adopted and to be implemented by our Company are regulated by this Policy, within the scope of the data controller's obligation to inform. .

Regarding your personal data processed by our company; The practices and principles regarding your processed personal data, personal data processing principles, personal data processing purposes and conditions, transfer of your personal data at home and abroad, destruction of your personal data and your rights on your processed personal data are informed to you below.

MUYA POLYURETHANE KAUÇUK IND. AND TRADE Inc. (Hereinafter referred to as “ MUYA ”) will act in accordance with the procedures and processes specified in this Policy in order to comply with KVKK and other relevant regulations and to process, use, destroy, transfer and other matters of your personal data in accordance with the Law and other regulations.

This Policy may be updated from time to time due to changes in legislation and/or conditions. If an update is made, it will be notified via the Company website and other channels.

 

  1. DEFINITIONS

 

Explicit Consent:

Consent regarding a specific issue, based on informed consent and expressed with free will.

Anonymization:

Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.

Personal Data:

Any information regarding an identified or identifiable natural person.

Processing of Personal Data:

Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. Any action performed on data, such as blocking.

Personal Data Owner:

The real person whose personal data is processed.

Special Personal Data:

Data regarding individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data of special quality is personal data.

Data Processor:

Natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

Data Controller:

The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

 

  • PRINCIPLES OF PROCESSING OF PERSONAL DATA

Our company carries out personal data processing activities within the framework of the following principles and principles in accordance with Article 4 of the KVKK, which regulates the procedures and principles regarding the processing of personal data.

  1. Compliance with Law and Honesty Rules

Our company processes your personal data in accordance with KVKK and other laws and regulations that must be complied with due to the work performed.

  1. Being Accurate and Up to Date

Our company carries out the necessary procedures and takes technical and administrative measures to ensure that the personal data provided by the data owner is not changed without permission and is untrue, and to update the personal data if requested by the data owner in case of a change in the processed data.

  1. Processing for Specific, Clear and Legitimate Purposes

Your personal data processed by our company is processed in accordance with the processing purpose and within the framework notified to you.

  1. Being Relevant, Limited and Proportionate to the Purpose of Processing

Our Company does not process personal data that does not coincide with its activities, is not required within the framework of the Company's activities, and exceeds the purpose of processing.

  1. Preservation for the Period Envisaged in the Relevant Legislation or Necessary for the Purpose for which they are Processed

Your data processed within the framework of KVKK and other relevant laws and regulations are kept for the period stipulated in the relevant legislation or required to be kept due to the nature of the personal data processed.

  1. PERSONAL DATA PROCESSING TERMS AND EXCEPTIONAL CASES

 

- General personal data to be processed within the framework of company activities;

  1. a) Provided that the explicit consent of the data owner is obtained, or
  2. b) What is clearly provided for in the law,
  3. c) It is mandatory for the protection of the life or physical integrity of the person or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not given legal validity,
  4. d) Processing of personal data of the parties to the contract is necessary, provided that it is directly related to the establishment or performance of a contract.
  5. e) Mandatory actions for the data controller to fulfill its legal obligations
  6. f) Made public by the relevant person himself,
  7. g) Data processing is mandatory for the establishment, exercise or protection of a right,
  8. h) Provided that it does not harm the fundamental rights and freedoms of the data subject, data may be processed without the explicit consent of the data owner if there is one of the situations where data processing is mandatory for the legitimate interests of the data controller.

- Special personal data to be processed within the framework of company activities;

  1. a) It will not be processed unless the explicit consent of the data owner is obtained,
  2. b) Except for special personal data regarding health and sexual life, it may be processed without the explicit consent of the data owner in cases stipulated by law,
  3. c) Special data regarding health and sexual life may be processed without the explicit consent of the data owner for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing.

  1. PERSONAL DATA CLASSIFICATION

 

 

Identity Information

Written on your identity card; Name, surname, mother's name, father's name, place of birth, date of birth, marital status, religion, blood group, registered province, district and neighborhood and the information written on your identity card, including but not limited to these.

Contact Information

Requested from you or given by you in order to communicate with you; Your contact data such as home phone number, mobile phone number, residence address or other address information, e-mail address.

 

Personal Information

Photocopy of identity card,

Identity register copy,

Certificate of residence,

Health report,

Photocopy of diploma,

Criminal record,

passport photo,

Document stating family status,

Military status certificate,

Employment Agreement / Service Agreement,

SGK employment declaration,

Your criminal record (criminal record),

Information and documents regarding your health condition.

 

Bank Account Information

Bank account number, IBAN number, other information regarding credit card and debit card.

CV Information

Your educational information written on your CV or requested by our Company or provided by you, school information regarding your education, certificate information, educational status and information about your training,

Location, date and duration information about your work experiences written on your CV or requested by our Company or given by you, information about your previous job and position, all kinds of information about your work experiences,

Your photograph written on your CV or requested by our Company or provided by you,

The information written on your CV or your driver's license and driver's license requested by our Company or given by you,

Information about your references and references written in your CV or requested by our Company or given by you.

 

Visitor Information

Company name of the visitors coming to the company, vehicle license plate if any, person visited and other information.

 

 

  1. ENSURING THE SECURITY OF PERSONAL DATA

 

As MUYA, we carry out the technical and administrative measures deemed necessary to ensure the security of your personal data, which we process within the framework of company activities, in accordance with KVKK and relevant legislation, within the framework of the necessary technological infrastructure; In this regard, we take precautions against data breach, unauthorized access, data loss, unauthorized modification of data and other threats and carry out the necessary inspections.

In this context, we identify current risks and threats, conduct awareness studies by training our employees, determine policies and procedures regarding personal data security, ensure personal data minimization, and create the necessary confidentiality agreements with data processors; In order to ensure cyber security, we use firewalls and up-to-date anti-virus programs, configure our existing software and hardware, perform software updates and audits; We ensure the security of physical and electronic environments containing personal data, and take the necessary measures to prevent your data security from being violated by unauthorized persons through key management, access logs, user account management, infiltration control and encryption methods.

 

  • PERSONAL DATA PROCESSING PURPOSES

 

Your personal data is processed for the purposes limited to fulfilling company activities and legal obligations.

In this direction,

  1. In Terms of Security Camera Application in the Workplace

 

  • Within MUYA, surveillance is carried out with security cameras at various points in order to protect the life and property of employees and ensure the safety of the workplace in accordance with the Occupational Health and Safety Law No. 6331, Labor Law No. 4857 and secondary legislation. In the areas where monitoring is carried out, a camera warning message informs you that monitoring is taking place.
  • Security cameras are positioned within the limits of proportionality to ensure safety in the workplace and within the legitimate interests of the employer.

 

  1. Regarding Personal Data of Customers, Potential Customers and Business and Solution Partners

 

  • Providing more effective service with our customers, suppliers and business partners; Ability to carry out legal and financial processes,
  • Ability to effectively carry out all processes regarding orders received, including shipping and return procedures,
  • Ensuring workplace safety, commercial security and economic security,
  • Within the scope of Social Compliance-Ethics audits, authorized private law real and legal persons can audit the compliance of business activities carried out with social compliance and ethical criteria,
  • Your identity information, contact information, financial identity information and other personal data provided to us and requested by us may be processed in order to carry out the necessary workflow processes by our relevant departments in order to improve the service offered by our company and ensure product satisfaction.

  1. In Terms of Personal Data of Visitors

 

  • Personal data of visitors to our company, such as their company name, vehicle license plate, visit time, are processed electronically and physically in order to ensure internal order and the safety of life and property.

  1. Regarding Personal Data of Employee Candidates

  • Job applications and resumes are forwarded to the relevant department to check suitability for the job and begin the interview process,
  • Determining and examining whether you provide sufficient and necessary qualifications for the position you are applying for, at the time of applying for a job, during the job application process and during any process to be carried out during the job application,
  • Calling your references and getting references about you,
  • If the job interview is successful at the end of the job application process, you can be placed in your position at the workplace,
  • If the job interview is unsuccessful at the end of the job application process, you will later be contacted by our Company or our group Companies Terda Terlik Dağ. Singing. Tic. Ltd. Ltd. and Bilgiçler Yapı İnşaat Ltd. When a suitable position is opened at Şti., the identity information, contact information, CV information and other personal data of the employee candidates are processed in line with the purpose and methods of informing you about the job opportunity by making the necessary evaluations again.

  1. In Terms of Personal Data Belonging to Employees
  • Ensuring internal order, workplace peace and security,
  • Processing of personal data of employees and interns for the purpose of fulfilling legal obligations such as creating and storing personnel files and sharing them with auditor public institutions and organizations and authorized private law real or legal persons during workplace inspections,
  • Recording all transactions carried out by employees in the fileserver system through logging,
  • Including visuals on corporate social media accounts regarding our company's organization and other activities,
  • Using methods to determine employee entry and exit times and other electronic surveillance methods in order to ensure the safety of the workplace and employees and to protect the safety of life and property,
  • Organizing the necessary organization for the provision of activities such as fairs, seminars, trainings, conferences, trips, social events and accommodation and transportation services by the Company and/or third parties on behalf of the Company, carrying out visa procedures, informing about the developments about the Company, communicating with him and his relatives when necessary. The personal data of employees can be recorded by the Company and transferred to third parties at home or abroad within the scope of communication, motivational rewards (such as gifts, promotions), promotion and advertising of the Company's activities and other purposes,
  • Processing general and special personal data of employees within the scope of documents and documents that must be kept within the scope of OHS activities and sharing them with workplace physicians and health officers,
  • Fulfilling the procedures regarding the performance of services offered to employees, transferring the relevant personal data of employees to third parties with whom the Company has a contractual relationship, to the extent necessary,
  • Keeping the GSM line, credit card or vehicles allocated to the employee within the scope of the employer's management right,
  • Identity information, CV information, personnel information, bank account information, contact information, contact information, in line with the purpose and methods of keeping the correspondences made with the corporate e-mail account allocated for the use of the employee and the e-mail files containing these correspondences in the cloud system available abroad. and other personal data may be processed.
  1. Regarding Personal Data of Subcontractors
  • Processing it for the purpose of fulfilling legal obligations such as creating and keeping a personnel file and sharing it with auditor public institutions and organizations and authorized private law real or legal persons during workplace inspections,
  • Processing general and special personal data of subcontractors within the scope of documents and documents that must be kept within the scope of OHS activities, and sharing them with workplace physicians and health officers,
  • Your identity information, personnel information, bank account information, contact information, contact information and other personal data may be processed in line with the purposes and methods of determining the entry and exit times of employees and the use of other electronic surveillance methods in order to ensure the safety of the workplace and employees and to protect the safety of life and property.

  • TRANSFER OF PERSONAL DATA DOMESTIC AND ABROAD

 

Your personal data;

  • In order to improve the efficiency of our company and its employment and employee recruitment policies and to ensure sustainability, it is sometimes transferred to third parties, in a limited and related manner, to our Group Companies, Terda Terlik Dağ. Singing. Tic. Ltd. Ltd. and Bilgiçler Yapı İnşaat Ltd. to Şti.

  • To banks, third parties working together, occupational health and safety specialists, workplace physicians and health personnel in order to fulfill the obligations of the employer within the scope of the employment contract,

  • Your personal data databases are transferred to Microsoft Office applications, cloud solutions, SAP applications and backup systems located abroad, in order to manage and manage the affairs within the company, to carry out company affairs, to implement company policies, to manage and carry out the workflow efficiently,

  • External service providers have been checked by the Company to take the technical and administrative security measures required by the legislation and sector practices within the scope of carrying out the Company's commercial and other activities, and commitments regarding this matter have been drawn up between the parties,

  • In addition, in order to provide products and services, it can be transferred to our business partners, suppliers, third parties from whom services are received within the scope of company activities and abroad.

  • Upon request or when necessary in line with our legal obligations, your personal data may be shared with enforcement offices or courts (at all levels) as well as relevant Ministries, directorates, Social Security Institution, İŞKUR and other persons.

  1. DESTRUCTION OF PERSONAL DATA

 

Personal data processed within the scope of our company's activities are stored within the framework of the purpose of processing and for the periods necessary to achieve this purpose and for the retention period stipulated in the relevant legislation.

Data that has ceased to function, whose storage period has expired, and which is requested to be destroyed by the data owner, if possible within the framework of the legislation, will be destroyed using the appropriate method of deleting, destroying or anonymizing personal data listed in Article 7 of the KVKK.

Deletion of personal data is the process of making personal data inaccessible and unusable for the relevant users in any way.

Destruction of personal data is the process of making personal data inaccessible, irretrievable and unusable by anyone.

Anonymization of personal data means making it impossible to associate personal data with an identified or identifiable natural person in any way, even if it is matched with other data.

  1. RIGHTS OF PERSONAL DATA OWNER

 

Regarding the personal data processed within the scope of our Company's activities, the data owner may, within the framework of your rights listed in Article 11 of the KVVK, by applying to our Company;

  1. a) Learning whether personal data is being processed or not,
  2. b) Requesting information if personal data has been processed,
  3. c) Learning the purpose of processing personal data and whether they are used for their intended purpose,
  4. d) Knowing the third parties to whom personal data is transferred domestically or abroad,
  5. e) Requesting correction of personal data if they are incomplete or incorrectly processed,
  6. f) Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
  7. g) To request that the transactions carried out in accordance with paragraphs (d) and (e) be notified to third parties to whom personal data is transferred,
  8. h) Object to the emergence of a result against the person by analyzing the processed data exclusively through automatic systems,
  9. i) In case of damage due to unlawful processing of personal data, they have the right to demand compensation for the damage.

  1. CLOSING PROVISIONS

If you exercise your rights above and make an application to our Company regarding the above-mentioned issues, your requests in your application will be finalized free of charge within thirty (30) business days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost for the Company, the fee in the tariff determined by the Personal Data Protection Board may be requested.

For matters regarding the processing of your personal data, you must submit your application to our Company by filling and signing the application form available on the Company's website and personally proving your identity.

For MUYA employees, it is possible to apply to our Company by using the KVKK Application Form in the Administrative Affairs Department or OHS Specialist.

MUYA Polyurethane Kauçuk San. and Tic. Inc. Contact information

Head Office Address: Adnan Kahveci Mah. İnönü Cad. No:95 Beylikdüzü / Istanbul

Email address for contact: mh@muya.net