- CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA AND PURPOSE OF THE CONFIDENTIALITY POLICY
We, as Unigen Yapı Malzemeleri A.Ş. (UNIGEN / the Company) show utmost care to the security of your personal data. With this awareness, we attach great importance to the processing, recording, transferring, sharing and retention of all kinds of personal data of all persons related to our Company, including those who get benefit from our products and services, in accordance with the Protection of Personal Data Law numbered 6698 (the “PPDL").
Protection of personal data is among the basic policies of our Company, and our Company has given priority to the confidentiality of personal data throughout its existence, has adopted this as a working principle and instructed its employees to work in line with this principle. Our Company accepts and undertakes to comply with all responsibilities imposed by the PPDL. With full awareness of this responsibility and in the capacity of the Data Controller, we process, record, transfer, share and retain your personal data as explained below and within the limits imposed by official legislation.
- IDENTITFY OF DATA CONTROLLER
Unigen Yapı Malzemeleri A.Ş.
Address: İnönü Mahallesi, Kayışdağı Caddesi, Kandiş İş Merkezi, No:128 Kat:2 PK:34755 Ataşehir / Istanbul
Tel: 90 216 577 04 34 E-mail : firstname.lastname@example.org or email@example.com
Our Company preserves the right to update this "General Clarification Text and Confidentiality Policy" at any time within the framework of the changes that can be made in the current official legislation.
- COLLECTION, PROCESSING, PURPOSE OF PROCESSING PERSONAL DATA AND LEGAL GROUND
Our Company's policy regarding the General Clarification Text and Confidentiality has been prepared in accordance with the PPDL. In this context, your personal data may vary depending on the services, products or commercial activities provided by our Company; and it can be collected by automatic or non-automatic methods, offices, cameras, and our internet pages, and by similar means and verbally, in writing or electronically.
The relevant persons whose personal data are processed by our Company are notified with the Clarification Text and Explicit Consent Forms prepared separately for the persons whose personal data are processed. Personal data processed without explicit consent in the clarification texts are specified under Article 5 of the PPDL.
Data Processing Due to the Legal Obligation of the Company or Explicitly Provided for by the Law
Personal data may be processed without additional consent in case the processing is explicitly provided for by the relevant legislation or for the purpose of fulfilling a legal obligation set out in the legislation. The type and scope of data processing must be required for legally permitted data processing activity and must comply with the relevant legal provisions.
Collection and Processing of Data for Contractual Relationship
If a contractual relationship is established with our customers and suppliers, the collected personal data can be used without the customer's consent. However such usage is performed in line with the purpose of the agreement. The data is used to the extent required to execute the agreement better and in accordance with the requirements of the service and it is updated by contacting customers when required.
Your personal data can be collected through our Company's business units, Accounting Program database, PACS (Personnel Attendance Control System), Camera Records, website, parties and suppliers from which our Company receives services that are complementary or extensions of its activities, contracted organizations, business partners, suppliers and other similar channels, automatically or non-automatically, in writing, verbally or electronically.
- PROCESSING PERSONAL DATA OF SPECIAL NATURE
According to the PPDL, data of special nature is the personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and the biometric and genetic data. Our Company also adequately takes measures specified by Protection of Personal Data Board in terms of processing personal data of special nature. In order to provide better service, our Company shall process personal data of special nature only by receiving the related person's consent and only to serve the purpose of its collection.
- TO WHOM AND FOR WHAT PURPOSES THE PROCESSED PERSONAL DATA SHALL BE TRANSFERRED
Your Personal Data can be transferred without the consent of the person concerned, if one of the conditions specified in paragraph 3 of Article 6 of the PPDL numbered 6698 are fulfilled, provided that adequate measures and the ones stated under paragraph 2 of Article 5 of the PPDL numbered 6698 are taken. Provisions in other laws regarding the transfer of Personal Data are preserved.
Your collected personal data may be transferred to our shareholders, business partners, suppliers, legally authorized public institutions and private individuals within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the PPDL.
Our Company has the authority to transfer personal data abroad in accordance with the conditions determined in the PPDL, by the Protection of Personal Data Board, in accordance with the other conditions in the PPDL and after obtaining the explicit consent of the person for this purpose.
In the Clarification Texts prepared separately for the persons whose personal data are processed, it is stated to whom the personal data processed by our Company will be transferred.
- DURATIONS OF PROCESSING PERSONAL DATA
In accordance with the PPDL, your personal data, which has been processed for the purposes specified in the Clarification Text and Explicit Consent Forms prepared separately for the persons concerned, shall be erased or destructed by us, when the purpose of processing personal data has ceased to exist as per Article 7/1 of the PPDL and/or the statute of limitations that we are obliged to process your personal data as per the legislation expires.
- CIRCUMSTANCES WHERE YOUR PERSONAL DATA CAN BE PROCESSED WITHOUT EXPRESS CONSENT, ACCORDING TO THE LAW
In accordance with Article 5 of the PPDL, our Company may process the aforementioned personal data of yours, which it has received in accordance with the law, without seeking your explicit consent as follows:
- When it is explicitly provided for by the laws;
- When your personal data must be processed for the protection of life or physical integrity of yours or of any other person who is bodily incapable of giving the consent as the data owner due to the actual impossibility or whose consent is not deemed legally valid,
- When processing personal data belonging to the parties of an agreement, is necessary provided that it is directly related to the conclusion or fulfilment of that agreement which you have executed with our Company and its related companies/entities, real persons and/or legal entities,
- When it is compulsory for our Company to fulfill its legal obligation,
- When your personal data is made publicly available by you,
- When the data processing is mandatory for the establishment, exercise or protection of any right,
- When processing data is mandatory for the legitimate interests of our Company, provided that the processing does not violate your fundamental rights and freedoms.
- PROCESSING OF PERSONAL DATA ACCORDING TO THE PRINCIPLES PROVIDED IN THE LEGISLATION
Lawfulness and Conformity with Rules of Bona Fides
UNIGEN acts in accordance with the principles of legal regulations and general trust and bona fides in the processing of personal data. In this context, personal data is processed to the extent required by our Company's business activities and is limited to them.
Ensuring Personal Data Accuracy and Up-to-Date, When Necessary
UNIGEN, takes the necessary measures to ensure that personal data is accurate and up-to-date throughout the period of processing personal data, and carries out the necessary works to ensure the accuracy and up-to-dateness of personal data for certain periods.
As a rule, the data available at UNIGEN is processed upon declaration of persons concerned. UNIGEN do not have to investigate the accuracy of the data declared by customers or people who contact our Company and this is not done due to legal requirements and our working principles. The declared data is considered accurate. The principle of accuracy and timeliness of personal data has also been adopted by our Company. Our Company updates the personal data that it has processed upon the request of the person concerned or through official documents that it received. It takes necessary measures for that.
Being Processed for Specific, Explicit and Legitimate Purposes
UNIGEN explicitly puts forward the purposes for which it processes personal data and processes the same for purposes relating to its commercial activities, in line with such activities.
Being Relevant with, Limited to and Proportionate to the Purposes for which it is Processed
UNIGEN processes personal data only to the nature and extent required by its business activities and such process is limited to the determined goals.
Being Retained for the Period of Time State by the Relevant Legislation or for the Purpose for which It is Processed
UNIGEN, retains personal data for the period that is required for the purpose for which it is processed and for the minimum period of time stated in the legal legislation to which the relevant activity is subject. Personal data is destructed at the end of the specified retention periods in accordance with the periodic destruction periods or upon the application of the data owner and by using the determined destruction methods (erasure and/or destruction and/or anonymization).
- MAXIMUM SAVINGS AND STINGINESS PRINCIPLE
According to this principle of ours, which is called the principle of maximum savings or the principle of stinginess, the data received by UNIGEN is processed into the system only as much as necessary. Accordingly, it is determined as to which data we should collect by basing on the purpose. Unneeded data is not collected. Other data transferred to our Company is likewise transmitted to company information systems. Redundant information is not saved, but erased or anonymized. Such data may be used for statistical purposes.
- CONFIDENTIALITY AND DATA SECURITY POLICY
Personal data is confidential and UNIGEN conforms to this confidentiality. Personal data can be accessed only by authorized persons within the Company. All necessary technical and administrative measures are taken to protect the personal data collected by our Company, to prevent unauthorized persons to obtain the same and to prevent the data owner from suffering. In this context, it is ensured that the software complies with the standards, that the third parties are carefully selected and that the Information Security Policies are also complied with within the Company. The companies with whom we share personal data in accordance with the law are also requested to protect the data.
The payment for your purchase on Onto's website (www.onto.com.tr) is realized directly by our payment service provider and contracted banks over secure SSL encryption. Your personal payment information is never kept on our website, transmitted to third parties and not shared with third parties.
S/he accepted in advance that UNIGEN shall not be liable for any damages that s/he may incur due to the malware, viruses and other elements that s/he may be exposed to while using Onto (www.onto.com.tr) and Unigen website, unless this malware, virus and other element is sent by UNIGEN intentionally and/or grossly negligently, therefore, s/he will not make any claims from UNIGEN and that s/he will ensure the security of her/his own system with the protection systems that s/he will supply against viruses and similar malware.
In our corporation, the Access Authorization Policy, which states the conditions of access to information, user identification and erasure rules, has been prepared and published.
Antivirus software is active on all computers for protection from malware. With the Antivirus Policy, the practices carried out in our corporation are detailed.
All critical data is backed up in our corporation. The rules are detailed in the backup policy.
Employees and external users who use or have access to the assets of our corporation are provided awareness of the information security requirements of the assets of the related corporation with the information and information processing facilities and resources. These users are responsible for the use of all information processing resources and for all usages performed under their own responsibility. It is detailed in the Acceptable Usage of Assets Policy. The use of portable media devices (USB, External Disk, etc.) within the corporation is performed in a controlled manner. Authorizations for the use of these devices have been made.
Personnel Confidentiality and PPDL Agreement with our personnel working within our corporation, and Supplier Confidentiality and PPDL Agreements are conducted with our suppliers who access personal data. Undertakings regarding data security are received from our employees and suppliers.
UNIGEN makes necessary internal and external audits on the protection of personal data.
- NOTIFICATION OF VIOLATIONS
When UNIGEN is notified of any breach of personal data, it takes immediate action to remedy the violation. It minimizes the damage of the person concerned and compensates the damage. When personal data is obtained by unauthorized persons from outside, it immediately notifies the Protection of Personal Data Board.
- YOUR RIGHTS REGARDING YOUR PERSONAL DATA
By applying to our Company, you as a data owner have right;
- To learn as to whether your personal data is processed or not,
- To request information regarding your personal data if this was processed,
- To acquire information on the purpose of processing your personal data and as to whether this was properly used for its intended purpose,
- To acquire information on third persons to whom your personal data is transferred at home or abroad,
- To request correction of your personal data in case this was processed incompletely or inaccurately and to request notifications to be made to third persons to whom your personal data was transferred with regard to the transaction carried out under this content,
- To request deletion or destruction of your personal data despite it has been processed in accordance with the provisions of the Law numbered 6698 and other laws, in case the reasons necessitating its processing cease to exist and to request notifications to be made to third persons to whom your personal data was transferred with regard to the transaction carried out under this content,
- To object to the emergence of a result to your disadvantage that arose due to the processing of your data exclusively through automated systems,
- To demand compensation for the damage arising from the unlawful processing of your personal data.
If you submit your requests regarding the above-mentioned rights to our Company via e-mail at firstname.lastname@example.org or email@example.com or in accordance with other application procedures stated under the Communiqué on Application Procedures and Principles to Data Supervisor, we will finalize your request for free as soon as possible and within 30 (thirty) days at the latest, depending on the nature of your request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Protection of Personal Data Board may be charged.