-
PURPOSE OF THE CLARIFICATION TEXT AND PRIVACY POLICY REGARDING THE PROCESSING OF PERSONAL DATA
As Unigen Yapı Malzemeleri A.Ş. (UNIGEN / Company), we prioritize the security of your personal data. With this awareness, we place great importance on the processing, recording, transferring, sharing, and storage of all types of personal data belonging to individuals associated with our Company, including those who benefit from our products and services, in accordance with the Personal Data Protection Law No. 6698 ("KVK Law").
The protection of personal data is among our Company's core policies, and throughout the existence of our Company, the confidentiality of personal data has been a top priority, adopted as a working principle, and instructed to our employees accordingly. Our Company accepts and undertakes to comply with all responsibilities imposed by the KVK Law. With full awareness of this responsibility and in the capacity of Data Controller, we process, record, transfer, share, and store your personal data as explained below and within the limits mandated by the official legislation.
IDENTITY OF THE DATA CONTROLLER
Unigen Yapı Malzemeleri A.Ş.
Address: İnönü Mahallesi, Kayışdağı Caddesi, Kandiş İş Merkezi, No:128, Floor:2, Postal Code: 34755, Ataşehir / Istanbul
Phone: +90 216 577 04 34
Email: unigenyapi@hs01.kep.tr or kvkk@unigen.com.tr
Our Company reserves the right to update this "General Clarification Text and Privacy Policy" at any time within the scope of changes that may occur in the applicable legislation.
COLLECTION, PROCESSING, PURPOSE, AND LEGAL REASON FOR PROCESSING PERSONAL DATA
Our Company’s General Clarification Text and Privacy Policy have been prepared in accordance with the KVK Law. In this context, your personal data may vary depending on the services, products, or commercial activities provided by our Company and may be collected verbally, in writing, or electronically, through automatic or non-automatic methods, including offices, cameras, and our web pages, among similar means.
Separate Clarification Texts and Explicit Consent Forms prepared for individuals whose personal data are processed are communicated to those individuals. Personal data processed without explicit consent are specified under Article 5 of the law.
Data Processing Due to Legal Obligations or Explicitly Stipulated by Law
Personal data may be processed without additional consent if the processing is explicitly stated in the relevant legislation or to fulfill a legal obligation specified by legislation. The type and scope of data processing must be necessary for the legally permitted data processing activity and comply with the relevant legal provisions.
Collection and Processing of Data for Contractual Relationships
If a contractual relationship is established with our customers and suppliers, the collected personal data can be used without obtaining customer consent. However, this use occurs in line with the purpose of the contract. Data is used as required for better execution of the contract and service necessities and is updated as needed by contacting customers.
Your personal data may be collected through various channels such as our Company's business units, accounting software database, PDKS (Personnel Attendance Control System), camera recordings, website, parties, and suppliers providing services that complement or are an extension of our Company's activities, affiliated organizations, business partners, and similar other channels, whether automatically or non-automatically, in written, verbal, or electronic form.
PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA
According to the KVK Law, data about individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, attire, membership in associations, foundations, or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data, are considered special categories of personal data. Our Company takes adequate measures determined by the Personal Data Protection Board when processing special categories of personal data. To provide better service, our Company will process such data only with the consent of the relevant person and solely to serve the purpose of collection.
TO WHOM AND FOR WHAT PURPOSE PERSONAL DATA CAN BE TRANSFERRED
Your personal data may be transferred without the consent of the relevant person if one of the conditions specified in Article 2 of the KVK Law 5th article and Article 3 of the 6th article is met, provided that sufficient precautions are taken. Provisions in other laws regarding the transfer of personal data are reserved.
Collected personal data may be transferred to our shareholders, business partners, suppliers, legally authorized public institutions and private individuals within the scope of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVK Law.
Our Company is authorized to transfer personal data abroad in accordance with the conditions specified by the Personal Data Protection Board in the KVK Law and other relevant conditions after obtaining explicit consent from the person for this purpose.
The entities to whom personal data processed by our Company will be transferred are specified in the Clarification Texts prepared separately for the individuals whose data are processed.
DURATION FOR WHICH PERSONAL DATA WILL BE PROCESSED
According to the KVK Law, your personal data processed for the purposes specified in the "Clarification Text and Explicit Consent Forms" prepared separately for the relevant persons will be deleted or destroyed by us when the purpose requiring processing ceases to exist and/or when the statute of limitations we are obliged to adhere to according to the legislation expires, in accordance with Article 7/f.1. of the KVK Law.
CIRCUMSTANCES IN WHICH YOUR PERSONAL DATA MAY BE PROCESSED WITHOUT CONSENT BY LAW
Under Article 5 of the KVKK, our Company may process your personal data collected in accordance with the law without your explicit consent in the following circumstances:
- In cases expressly provided for by law;
- If you are unable to disclose your consent due to actual impossibility as the data owner or your consent is not legally valid, for the protection of yourself or another person's life or physical integrity;
- If the processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract you have entered into with our Company, affiliated companies/organizations, real and/or legal persons;
- If it is mandatory for our Company to fulfill its legal obligations;
- If your personal data has been made public by you;
- If data processing is mandatory for the establishment, exercise, or protection of a right;
- If processing is necessary for our Company’s legitimate interests, provided that it does not harm your fundamental rights and freedoms.
If you submit your requests regarding your rights mentioned above via email to unigenyapi@hs01.kep.tr or kvkk@unigen.com.tr, or through other application methods specified in the Communiqué on the Procedures and Principles of Application to the Data Controller, we will conclude your request free of charge as soon as possible and within no later than 30 (thirty) days, depending on the nature of the request. However, if the transaction incurs an additional cost, the fee determined in the tariff set by the Personal Data Protection Board will be charged.
PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH PRINCIPLES SPECIFIED IN LEGISLATION
Processing in Accordance with the Law and the Rules of Good Faith
UNIGEN acts in compliance with the principles brought by legal regulations and the general rules of trust and honesty in the processing of personal data. In this context, personal data is processed to the extent required by the business activities of our Company and is limited to them.
Ensuring Personal Data is Accurate and Up-to-date When Necessary
UNIGEN takes necessary measures to ensure that personal data is accurate and up-to-date during the processing period and conducts necessary work at specified intervals to ensure the accuracy and up-to-dateness of personal data.
Personal data within UNIGEN is, as a rule, processed as declared by the relevant persons. UNIGEN is not obliged to investigate the accuracy of the data declared by customers or those who contact our Company, nor is it required by law or our working principles. Declared data is deemed accurate. The principle of accuracy and up-to-dateness of personal data is also adopted by our Company. Our Company updates personal data processed based on official documents or upon the request of the relevant person. Necessary measures are taken for this.
Processing for Specific, Clear, and Legitimate Purposes
UNIGEN explicitly states the purposes of personal data processing and processes them within the scope of these purposes in line with business activities.
Processing in Connection with, Limited to, and Proportionate to the Purpose
UNIGEN collects personal data to the extent required by business activities and processes it only within the scope of the specified purposes.
Retention for the Time Stipulated by the Relevant Legislation or Required for the Purpose of Processing
UNIGEN retains personal data for the necessary duration for the purpose for which they are processed and for the minimum period stipulated in the relevant legal legislation governing the activity. Personal data is destroyed at the end of the retention periods determined through periodic destruction periods or in accordance with the requests of the data owner, using the specified destruction methods (deletion and/or destruction and/or anonymization).
PRINCIPLE OF MINIMIZATION
According to our principle called the principle of minimization, data reaching UNIGEN is processed only as much as necessary. Therefore, the data we collect is determined based on purpose. Unnecessary data is not collected. Other data that reaches our Company is transferred to our Company's information systems in the same way. Excess information is not recorded in the system, is deleted, or anonymized. This data can be used for statistical purposes.
CONFIDENTIALITY AND DATA SECURITY PRINCIPLE
Personal data is confidential, and UNIGEN respects this confidentiality. Personal data within the Company can only be accessed by authorized persons. All necessary technical and administrative measures are taken to protect the personal data collected by our Company, prevent unauthorized access, and avoid causing any victimization to the data owner. In this context, ensuring software standards, carefully selecting third parties, and ensuring compliance with Information Security Policies within the Company is ensured. The companies we share personal data with legally are also required to protect the data.
In purchases made on Unigo (www.unigo.com.tr), payments are carried out directly by our payment service provider and contracted banks through a secure SSL encryption. Your personal payment information is never stored on our website, transmitted to third parties, or shared with third parties.
It has been accepted in advance that UNIGEN will not be responsible for any damages incurred by harmful software, viruses, and other elements to which you may be exposed during the use of Unigo (www.unigo.com.tr) and Unigen's website unless these harmful software, viruses, and other elements were sent by UNIGEN with intent and/or gross negligence, and no claims will be made from UNIGEN for this reason. It is agreed that you will provide the security of your own system with virus and similar harmful software protection systems.
An Access Authorization Policy specifying the conditions for accessing information, user definition, and deletion rules has been prepared and published in our organization.
Antivirus software is active on all computers to protect against harmful software. The applications implemented within our organization are detailed in the Antivirus Policy.
All critical data is backed up in our organization. Rules are detailed within the Backup Policy.
Employees and external users using or accessing assets within our organization are made aware of the information security requirements related to the organization's assets, information, and information processing facilities and resources. These users are responsible for all uses under their responsibility of all information processing resources. The Acceptable Use Policy of Assets details this.
The use of portable media devices (USB, external drives, etc.) is controlled within the organization. Authorizations have been made for the use of these devices.
Personnel Confidentiality and KVKK Agreement is made with our employees within the organization, and Supplier Confidentiality and KVKK Agreement is made with our suppliers who access personal data. Declarations regarding data security are obtained from our employees and suppliers.
AUDIT
UNIGEN conducts necessary internal and external audits on the protection of personal data.
NOTIFICATION OF VIOLATIONS
When UNIGEN is notified of any violations related to personal data, it acts immediately to remedy the violation. It minimizes and compensates for the damage. In the event of unauthorized access to personal data by third parties, it immediately notifies the Personal Data Protection Board.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
As a data owner, you can apply to our Company to:
Learn whether your personal data is processed, Request information if your personal data has been processed, Learn the purpose of processing your personal data and whether they are used in accordance with their purpose, Know the third parties to whom your personal data is transferred at home or abroad, Request correction of your personal data if they are incomplete or incorrectly processed, and request that the transactions made in this context be notified to the third parties to whom your personal data is transferred, Request the deletion or destruction of your personal data, even though it has been processed in accordance with the provisions of the Law and other relevant laws, if the reasons requiring its processing disappear, and request that the transactions made in this context be notified to the third parties to whom your personal data is transferred, Object to the emergence of a result against you by analyzing your processed data exclusively through automated systems, Request compensation if you suffer damage due to the unlawful processing of your personal data.