Law on Protection of Personal Data

KALE GÜVENLİK SİSTEMLERİ A.Ş.
CONFIDENTIALITY AND PERSONAL DATA PROTECTION PRINCIPLES

 

1. Purpose and Scope

This Confidentiality and Personal Data Protection Principles (“Principles”) regulates the principles of Kale Kilit ve Kalıp San. A.Ş. (hereinafter referred to as “KALE”, “Company” or “Data Controller”) regarding the protection of personal data, and constitutes personal data processing principles in relation with the processing of personal data belonging to the Customer, Prospective Customer, Prospective Employee, Online Visitor, Member and Prospective Dealer (“Groups of Individuals”) and intends to provide information to such groups of individuals.

2. Principles Regarding the Processing of Personal Data

We, KALE, acting in the capacity of Data Controller, process your personal data in accordance with the following principles.

2.1 Processing According to Laws and Rule of Integrity

We act in full compliance with the principles described in legal regulations as well as the rule of general confidence and integrity in the processing of your personal data.

2.2 Ensuring the Accuracy and Currency of Personal Data When and If Necessary

Periodic controls and updates are carried out to ensure accuracy and currency of the processed data based on your legitimate interests, and relevant measures are taken. Accordingly, systems are established within KALE to check the accuracy of personal data and make the necessary corrections.

2.3 Processing for Certain, Explicit and Legitimate Purposes

Your personal data is processed in line with explicit, certain and legitimate data processing purposes.

2.4 Being Relevant, Limited and Reasonable In Terms of the Processing Purpose

We process your personal data in a reasonable, relevant and limited way to achieve the prescribed purpose(s), and we refrain from processing the personal data that is not relevant or necessary in terms of the intended purpose. 

2.5 Keeping the Personal Data for the Period of Time Prescribed in the Relevant Legislation or Required In Terms of the Processing Purpose 

Your personal data is kept only for the period of time prescribed in the relevant legislation or required in terms of the processing purpose. Accordingly, we identify whether any period of time is prescribed in the relevant legislation for the storage of personal data, and if a particular period is mentioned, we act in full compliance with such period. If no period is mentioned, we keep personal data for the period required in terms of the processing purpose. In case of expiration of the period or elimination of the reasons that require the processing of personal data and a legal reason does not exist to allow for processing personal data for a longer period of time, your personal data is deleted, destroyed or anonymized in accordance with KALE’s Policy on Storage and Disposal of Personal Data.

3. Conditions for Processing Personal Data 

Your personal data is processed by KALE in accordance with the following conditions. 

3.1 Existence of Explicit Provision in Laws

Your personal data might be processed in the cases described in the laws that explicitly prescribe the processing of personal data. 

3.2 Failure to Obtain Explicit Consent from the Relevant Person in the Absence of Actual Impossibilities 

Your personal data might be processed if the processing of personal data is mandatory to protect life or physical integrity of the relevant person or someone else who is unable to grant his/her consent or whose consent might not be accepted as valid in the absence of actual impossibilities. 

3.3 Being Directly Related to Concluding or Executing a Contract

Your personal data might be processed if it is required to process the personal data of the parties to the contract, provided that it is directly related to concluding or executing a contract. 

3.4 Fulfillment by KALE of its Legal Obligations 

Your personal data might be processed if it is mandatory to process personal data to fulfill legal obligations as Data Controller. 

3.5 Personal Data in the Public Domain

Your personal data might be processed if you present your personal data in the public domain.

3.6 Mandatory to Process Data to Establish or Protect a Right

Your personal data might be processed if it is mandatory to establish, exercise or protect a right. 

3.7 Processing Personal Data Based on Legitimate Interests 

Your personal data might be processed if it is necessary to process data based on the legitimate interests of KALE. 

3.8 Processing Personal Data Based on Explicit Consent 

Your personal data is processed based on explicit consent if it is impossible to process the personal data based on any of the conditions described in these Principles. 

4. Categorization of Personal Data 

Data SubjectData CategoryData Types

Data Subject

Data Category

Data Types

Prospective Employee

Identity –Personal

Name-Surname- Sex, Date of Birth, Place of Birth, Civil Status, Nationality, Photo

Communication

Address, E-mail, Telephone / Mobile Phone 

Work Experience

Title, Professional Code, Educational Background, Degree and Graduation Information 

Personal Development, Skills, Habits and Hobbies 

Foreign language knowledge, computer skills, training programs participated                                                                                                   (course, seminar etc.) 

Smoking information,

Security of Transaction

IP Address, Website Log-in, Log-out and Browsing Details, Password and Code Details

Sensitive Personal Data

Personal Health Details, Association Membership Details, Criminal Conviction Details 

Customer

Identity

Name-Surname- Sex, Turkish ID Number, Date of Birth, Place of Birth, Civil Status

Financial Information

Invoice, financial and indebtedness details, credit note, credit card and bank card information,               branch code, account number, bank details 

Security of Transaction

IP Address, Website Log-in, Log-out and Browsing Details, Password and Code Details

Contact

Address (home), E-mail, Telephone / Mobile Phone

Prospective Customer

Identity

Name-Surname, Signature 

Contact

Address (home), E-mail, Telephone / Mobile Phone

Online Visitor-

Member-Prospective Dealer 

Identity

Name-Surname

Contact

Address (home, office), E-mail, Telephone / Mobile Phone

Security of Transaction

IP Address, Website Log-in, Log-out and Browsing Details, Password and Code Details

5. Purposes for Processing Personal Data 

At KALE, personal data might be processed for the following purposes depending upon the relevant group of individuals in accordance with the personal data processing conditions described in the Article 5 and 6 of the Law No 6698.

5.1 Prospective Employee

The personal data of prospective employees might be processed for the purposes of planning and managing human resources processes, managing personnel activities, fulfilling the obligations arising from the legislation, planning and managing interests and managing personnel procurement processes in accordance with the personal data processing conditions described in the Article 5 and 6 of the Law No 6698.

5.2 Customer

The personal data of customers might be processed for the purposes of managing product and service procurement processes, managing product and service after-sale support services, managing product and service sale processes, managing product and service production and operation processes, managing company / product / service loyalty processes, managing audit / ethical activities, managing  access authorizations, managing activities according to the legislation, managing financial and accounting affairs, following up and managing legal affairs, managing internal audit / investigation / intelligence activities, following up requests and complaints, managing and auditing business activities, identifying space/area in case of a emergency call according to the legislation and notifying the competent authorities, taking and implementing measures intended to improve business processes, managing the activities that will ensure business continuity, executing customer relations management processes, managing customer satisfaction-based activities, managing marketing analysis studies, managing advertising / campaign / promotional processes, managing communication activities, managing the activities to improve products and services and managing the reward and drawing procedures in accordance with the personal data processing conditions described in the Article 5 and 6 of the Law No 6698. 

5.3 Prospective Customer 

The personal data of prospective customers might be processed for the purposes of conducting the necessary activities required for the business operations of the Company and managing the relevant business processes, managing the necessary activities and relevant business processes to enable the use of products and services provided by the Company, planning and executing the activities required to offer and promote the customized products and services provided by the Company and planning and executing customer relations management processes in accordance with the personal data processing conditions described in the Article 5 and 6 of the Law No 6698. 

5.4 Online Visitor/Member/Prospective Dealer

The personal data of Online Visitors, Members and Prospective Dealers might be processed for the purposes of managing marketing analysis studies, managing advertising / campaign / promotional processes, managing communication activities, managing the activities to improve products and services and fulfilling legal obligations in accordance with the personal data processing conditions described in the Article 5 and 6 of the Law No 6698. 

6. Transfer of Personal Data 

Your personal data might be, in a limited way, transferred to our business partners and dealers, suppliers, affiliates, group companies, legally-authorized public organizations and individuals in accordance with the rules and purposes described in the Article 3 and 5 of these Principles and the personal data processing conditions and purposes prescribed in the Article 8 and 9 of the Law No 6698.

7. Method and Legal Reason for Collection of Personal Data 

Your personal data provided to KALE electronically is processed as indicated below depending upon the relevant groups of individuals. 

7.1 Prospective Employee 

The personal data of Prospective Employees is processed by means of completing an electronic application form, completing a physical form or through call center operations or automatically collected from the relevant person or third parties as part of the data recording system, based on the legal reasons for the ‘‘necessity to process the personal data of the parties to the contract provided that it is directly related to concluding or executing a contract’’ as part of an employment contract which is likely to be concluded, ‘‘being mandatory for data controller to fulfill its legal obligations and ‘being mandatory to process personal data for the legitimate interests of data controller, provided that the fundamental rights and liberties of the relevant person are not damaged, in accordance with the Article 5 of the Law No 6698.

7.2 Customer

The personal data of Customers is processed by means of completing an electronic application form, completing a physical form or through call center operations or automatically collected from the relevant person or third parties as part of the data recording system, based on the legal reasons for the ‘‘necessity to process the personal data of the parties to the contract provided that it is directly related to concluding or executing a contract’’ as part of a subscription contract, ‘‘being mandatory for data controller to fulfill its legal obligations and ‘being mandatory to process personal data for the legitimate interests of data controller, provided that the fundamental rights and liberties of the relevant person are not damaged, in accordance with the Article 5 of the Law No 6698.

7.3 Prospective Customer

The personal data of Prospective Customers is processed by means of completing an electronic application form, completing a physical form or through call center operations or automatically collected from the relevant person or third parties as part of the data recording system, based on the legal reasons for ‘‘presenting the personal data in the public domain by the relevant person’’, ‘‘being mandatory to process personal data to establish, exercise or protect a right’’, ‘being mandatory to process personal data for the legitimate interests of data controller, provided that the fundamental rights and liberties of the relevant person are not damaged, and ‘‘being mandatory for data controller to fulfill its legal obligations in accordance with the Article 5 of the Law No 6698. 

7.4 Online Visitors/Members/Prospective Dealers 

The personal data of Online Visitors, Members and Prospective Dealers is processed by means of completing an electronic application form, completing a physical form or through call center operations or automatically collected from the relevant person or third parties as part of the data recording system, based on the legal reasons for ‘being mandatory to process personal data for the legitimate interests of data controller as part of a membership contract, provided that the fundamental rights and liberties of the relevant person are not damaged, and ‘‘being mandatory for data controller to fulfill its legal obligations, in accordance with the Article 5 of the Law No 6698. 

8. Security of Personal Data 

8.1 Kale takes reasonable measures that will avoid unauthorized access risks, accidental data losses, intentional deletion of data or damages and losses for the purpose of ensuring the security of personal data and preventing illegal processing of personal data. 

8.2 All necessary technical and physical measures are taken to prevent unauthorized access to personal data. In this regard, the authorization system is particularly configured in a way that will make it impossible to access to personal data more than necessary. 

8.3 Kale executes and ensures the execution of necessary inspections to ensure the implementation of the provisions of the Law No 6698 in its own companies or organizations. 

9. Third Party Personal Data Commitments 

The relevant Group of Individuals agrees and grants consent for the processing by KALE of personal data provided by Groups of Individuals in terms of 3rd parties. Also, the relevant Group of Individuals undertakes that it has provided the necessary information and obtained the necessary permissions regarding the individuals and information transferred. The damages and losses that might otherwise occur will be covered by the relevant Group of Individuals. 

10. Application Procedures and Rules 

In connection with your requests within the scope of the Article 11 of the Law No 6698 that regulates the rights of relevant individuals, you can make a personal application to KALE with your original signature in accordance with the conditions described in the “KALE APPLICATION FORM FOR THE PROTECTION OF PERSONAL DATA OF RELEVANT PERSON (PERSONAL DATA SUBJECT)” or you can make a written application to Ayazağa Mahallesi Cendere Caddesi NO:109F Vadistanbul 1E Ofis Sarıyer/İstanbul through Notary Public or send an application to kaleguvenlik@kale.hs03.kep.tr from Registered Electronic Mail (KEP) and send an e-mail to kisiselveriler@kalekilit.com.tr with mobile signature/e-signature. You can access to KALE APPLICATION FORM FOR THE PROTECTION OF PERSONAL DATA OF RELEVANT PERSON (PERSONAL DATA SUBJECT) at the website www.kalekilit.com.tr or request the form directly from the contact e-mail address. 

In summary, you, in the capacity of Data Subject, are entitled to: 

  • To know whether his/her personal data has been processed or not,
  • If his/her personal data has been processed, to ask for information about processing of such data,
  • To know the purpose of processing of personal data and to know whether such data is used in accordance with the purpose,
  • To know the third parties inland or abroad, to whom such personal data has been disclosed, 
  • If the personal data has been processed incompletely or wrongly, to ask for correction of it,
  • To ask for deletion or disposal of personal data according to the conditions prescribed in the relevant legislation, 
  • To ask for providing information to third parties to whom such personal data has been disclosed, 
  • To object to the occurrence of any negative results about data subject through analysis of the processed data exclusively by automatic systems,
  • To ask for the indemnification of the loss suffered due to the processing of personal data in violation of the law.