Our story started with a dream. As Cemer Playground Equipment, with the awareness of being one of the pioneers in the industry, we have been managing the whole process from idea to production based on safety for 30 years. We provide you confidence.
Addressee: All natural persons whose Personal Data is processed by Cemer Kent Ekipmanları Tic. San. A.Ş., excluding employees of Cemer Kent Ekipmanları Tic. San. A.Ş.
Prepared by: Cemer Kent Ekipmanları Tic. San. A.Ş.
Approved by: Approved by the board of directors of Cemer Kent Ekipmanları Tic. San. A.Ş.
© Cemer Kent Ekipmanları Tic. San. A.Ş., 2020
This document may not be reproduced or distributed without the written permission of Cemer Kent Ekipmanları Tic. San. A.Ş.
PROCESSING AND TRANSFER OF PERSONAL DATA
PERSONAL DATA CATEGORIES AND DATA SUBJECT GROUPS
METHOD AND LEGAL BASIS FOR COLLECTING PERSONAL DATA
PURPOSES OF PROCESSING PERSONAL DATA
PURPOSES OF TRANSFERRING PERSONAL DATA AND RECIPIENTS
DESTRUCTION AND RETENTION PERIODS OF PERSONAL DATA
INFORMATION FOR DATA SUBJECTS AND RIGHTS UNDER KVKK
Cemer Kent Ekipmanları Tic. San. A.Ş. ("Company") attaches utmost importance to protecting the fundamental rights and freedoms of individuals, particularly the privacy of private life regulated in Article 20 of the Constitution, in the protection and processing of personal data. In this framework, the Company takes care to protect and process personal data in accordance with the law under Law No. 6698 on Protection of Personal Data ("Law" or "KVKK") and acts with this understanding in all its planning and activities.
Our Company does not only consider the protection and processing of personal data, which is the foundation of privacy, within the scope of compliance with legislation, but places the value it gives to humans at the foundation of its approach. Our Company, acting with this awareness, takes all necessary administrative and technical measures for the lawful protection and processing of personal data.
The purpose of the Personal Data Protection and Processing Policy ("Policy") is to protect the fundamental rights and freedoms of individuals, particularly the privacy of private life regulated in Article 20 of the Constitution, to the maximum extent in the protection and processing of personal data processed completely or partially automatically or non-automatically as part of any data recording system in accordance with the purpose of the Law, and to inform personal data subjects (data subjects) about the obligations of our Company and the procedures and principles it will follow under the Law.
In line with the purpose of the Policy, it is aimed to ensure full compliance with legislation in personal data protection and processing activities carried out by our Company and to protect the right of personal data subjects to privacy and data security.
This Policy has been prepared for and will be applied to the following natural persons: Job Candidates, Family Members of Job Candidates, Employees, Subcontractor Employees, Subcontractor Authorized Persons, Company Shareholders/Partners, Company Authorized Persons, Interns, Family Members of Employees/Authorized Persons/Shareholders/Interns, Service Provider Employees, Service Provider Authorized Persons, Scholarship Recipients, Customer Authorized Persons, Customer Employees, Business Partners, Business Partner Authorized Persons, Business Partner Employees, Supplier Employees, Supplier Authorized Persons, Potential Customer Authorized Persons, Potential Customer Employees, Visitors, Consumers, Participants, Jury Members, Auditors, Environmental Consultants, Students and Third Parties.
The Company informs these personal data subjects about the Law by publishing this Policy on its website. This Policy will not apply to legal entities regardless of their capacity. For our Company employees, the "Personal Data Processing Policy for Employees" will apply.
This Policy will apply to the above-mentioned data subjects when their personal data is processed by our Company completely or partially automatically or non-automatically as part of any data recording system.
The concepts used in the application of this Policy have the meanings given below:
Explicit Consent: Consent given regarding a specific matter, based on information and expressed by free will.
Making Public: The concept of making public, meaning "making known by everyone," is listed in Article 5 of Law No. 6698 as one of the exceptions to the requirement of "obtaining explicit consent from the natural person whose personal data is processed" necessary for processing personal data.
Obligation to Inform: The obligation of the data controller to inform the persons whose personal data it processes about by whom, for what purposes and on what legal grounds these data can be processed, and to whom and for what purposes they can be transferred.
Relevant User: Persons who process personal data within the data controller organization or in line with the authority and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of data.
Destruction: Refers to the deletion, destruction or anonymization of personal data.
Processing of Personal Data: Any operation performed on data such as obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of Personal Data completely or partially automatically or non-automatically as part of any data recording system.
KVKK Board: Personal Data Protection Board.
Data Subject / Personal Data Subject: Natural persons whose Personal Data (including special categories of personal data) is processed.
Personal Data: Any information relating to an identified or identifiable natural person.
Institution: Personal Data Protection Authority consisting of the Board and Presidency.
Automatic Data Processing: Processing activity carried out by devices with processors such as computers, phones, watches, etc., which is performed automatically without human intervention within the scope of algorithms prepared in advance through software or hardware features.
Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and attire, association, foundation or trade union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are special categories of data.
Registry: Data Controllers Registry.
Company / Our Company: Cemer Kent Ekipmanları Tic. San. A.Ş.
Data Processor: A natural or legal person who processes Personal Data on behalf of the data controller based on the authority given by the data controller.
Data Recording System: Refers to the recording system in which Personal Data is structured and processed according to certain criteria.
Data Category: A class of personal data belonging to a data subject group or groups where personal data is grouped according to common characteristics.
Data Subject Group: The group of data subjects whose personal data is processed by the data controller.
Data Controller: A natural or legal person who determines the purposes and means of processing Personal Data and is responsible for establishing and managing the data recording system.
The Policy, prepared by Cemer Kent Ekipmanları Tic. San. A.Ş. and entered into force, is published on the Company's website (www.cemer.com.tr) and made available to data subjects.
Our Company takes all necessary administrative and technical measures to securely store personal data, prevent unlawful processing and access to personal data, and ensure an appropriate level of security in accordance with the Law. The administrative and technical measures taken regarding the security of personal data are regulated in detail in our Company's Personal Data Storage and Destruction Policy.
Our Company has established a "Personal Data Protection Management System" to ensure compliance with the Law and other legislation, and has formed a Personal Data Protection Committee within its organization to ensure the implementation of the Policy and other related policies.
Our Company conducts and has conducted the necessary audits to ensure the establishment of the data security described above and the regularity and continuity of the measures taken. The Personal Data Protection Committee audits the measures taken for the security of personal data.
Our Company takes all necessary administrative and technical measures according to technological possibilities and implementation costs to ensure that relevant data controllers and data processors do not disclose the personal data they possess to others contrary to the Law and Policy provisions and do not use them for purposes other than processing. In this context, information and training activities about the Law and Policy are carried out for company employees, and confidentiality agreements are signed as part of the recruitment process for relevant employees.
In case personal data processed by our Company is obtained by others in ways that are not in accordance with the law, our Company carries out the necessary procedures for notifying the data subject and the KVKK Board within the periods determined by the KVKK Board. If deemed necessary by the KVKK Board, this situation is announced on the KVKK Board's website or by another method deemed appropriate by the KVKK Board.
Our Company observes all legal rights of data subjects regarding the implementation of the Policy and the Law and takes all necessary measures to protect these rights.
Data relating to people's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and attire, association, foundation or trade union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are special categories of personal data.
Our Company is aware that special categories of personal data are data that may cause the data subject to be victimized or subjected to discrimination if learned by others, and therefore takes the adequate measures determined by the Board with sensitivity for the protection of such personal data processed in accordance with the law. In this framework, it has a separate policy (Special Categories of Personal Data Security Policy) and procedure that is systematic, with clearly defined rules, manageable and sustainable.
Personal data is processed by our Company in accordance with the procedures and principles provided for in the Law and this Policy. Our Company complies with the following principles when processing personal data:
Our Company processes personal data in accordance with relevant legislation and the requirements of the rule of honesty and uses them within these limits. In accordance with the principle of compliance with the rule of honesty, our Company takes into account the interests and reasonable expectations of data subjects while trying to achieve its goals in data processing.
Our Company ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights and legitimate interests of data subjects. In this context, it carefully considers issues such as the sources from which data is obtained being specific, confirming their accuracy, and evaluating whether they need to be updated.
Our Company determines the purpose of data processing clearly and precisely and ensures that this purpose is legitimate. The legitimacy of the purpose means that the personal data processed by our Company is related to and necessary for the business it carries out or the service it provides.
Our Company pays attention to ensuring that the processed personal data is suitable for achieving the determined purposes and avoids processing data that is not related to achieving the purpose or is not needed.
Our Company complies with the periods provided for in relevant legislation for the storage of data; otherwise, it preserves personal data only for the period necessary for the purpose for which they are processed.
Our Company does not process personal data without the explicit consent of the data subject. Personal data can only be processed without seeking the explicit consent of the data subject if one of the following conditions exists:
Our Company does not process special categories of personal data without the explicit consent of the data subject. Special categories of personal data can only be processed if one of the following conditions exists:
Our Company may transfer personal data to third parties by taking necessary security measures in accordance with Article 8 of the Law, based on and limited to one or more of the personal data processing conditions specified below.
Personal data is categorized and processed by our Company as follows:
Identity: Name-surname, Turkish ID number, marital status, mother-father name surname, place and date of birth
Contact: Phone number, address, e-mail address, KEP, fax number
Personnel: CV, title information, entry-exit document records, social security information
Location: Location information, OGS, vehicle recognition and meal card system data
Legal Transaction: Power of attorney information, court decisions, lawsuit files
Customer Transaction: Request information, order information, invoice, promissory note, check information
Physical Space Security: Entry-exit records, security camera records, vehicle license plate
Transaction Security: IP address information, website traffic information, password information
Finance: Bank account information, credit information, assets and insurance information
Professional Experience: Diploma, transcript, education/course/certificate information, driver's license information, foreign language information
Marketing: Customer number, campaign information, order information, habit/preference reports
Visual and Audio Records: Photographs, camera and voice recordings, video interview recordings
Communication Records: Corporate phone call records, corporate mail and e-mail records
Health Information: Examination information, health reports, disability status, blood group information
Criminal Conviction and Security Measures: Criminal record
Biometric Information: Fingerprint recording, face, eye scanning
Only natural persons can benefit from the protection of this Policy and the Law. Personal data subjects in this scope are grouped as follows:
Job Candidate: Natural persons who have applied for a job to our Company in any way.
Family Members of Job Candidates: Family members of natural persons who have applied for a job.
Company Shareholder/Partner: Persons who are shareholders/partners of Cemer Kent Ekipmanları Tic. San. A.Ş.
Company Authorized Person: Persons who are authorized persons of Cemer Kent Ekipmanları Tic. San. A.Ş.
Intern: Natural persons doing internships at our Company.
Customer Authorized Person: Natural person authorized persons of dealers, distributors, sales points, etc. that deliver our Company's products to end consumers within the scope of contractual relationship.
Customer Employee: Identifiable employees of customer legal entities.
Service Provider Authorized Person: Natural person authorized persons of independent entities that our Company has business relationships with.
Service Provider Employee: Natural person employees of service provider legal entities.
Subcontractor Authorized Person: Authorized persons of legal entities with which our Company has established a main employer-subcontractor relationship through a contract.
Subcontractor Employee: Identifiable employees of subcontractor companies.
Supplier Authorized Person: Authorized persons of legal entities that provide input, raw materials or products to our Company.
Supplier Employee: Identifiable employees of supplier companies.
Business Partner: Independent natural persons with whom our Company has business relationships.
Business Partner Authorized Person: Natural person authorized persons of business partner legal entities.
Business Partner Employee: Identifiable employees of business partner companies.
Scholarship Recipient: Natural persons who receive scholarships from our Company.
Potential Customer Authorized Person: Authorized persons of natural persons who have shown interest in our products and services.
Potential Customer Employee: Employees of potential customer companies.
Consumer: Natural persons who use the products and services offered by our Company.
Participant: Natural persons participating in design competitions organized by Cemer.
Jury Members: Natural persons who evaluate design competitions.
Auditor: Natural person who audits our Company's compliance with legislation.
Environmental Consultant: Natural person who evaluates compliance with environmental legislation.
Student: Natural persons who request academic support from the Company.
Family Members of Employees/Shareholders/Authorized Persons/Interns: Family members of relevant personnel.
Third Party: Persons who do not fall into other categories.
Visitor: All natural persons who enter our Company's physical premises or websites.
Our Company collects personal data completely or partially automatically or non-automatically; in all kinds of verbal, written, electronic environments; through the following channels, but not limited to:
Our Company collects personal data based on one of the legal reasons specified below in accordance with Articles 5 and 6 of the Law:
Data Categories: Identity, Contact, Professional Experience, Physical Space Security, Health Information, Criminal Conviction and Security Measure Information
Processing Purposes: Conducting Job Candidate Application Processes, Conducting Selection and Placement Processes, Conducting Communication Activities, Ensuring Physical Space Security, Conducting Audit/Ethics Activities, Conducting Emergency Management Processes
Data Categories: Identity, Contact, Personnel, Legal Transaction, Finance, Professional Experience, Physical Space Security, Health Information, Biometric Information
Processing Purposes: Emergency Management, Employee Satisfaction, Employment Contract/Legal Obligations, Side Benefits, Audit/Ethics Activities, Finance and Accounting, Physical Space Security, Legal Affairs, Communication Activities, Business Activities, Occupational Health/Safety, Organization and Event Management, Advertising/Campaign/Promotion, Contract Processes, Sponsorship Activities, Wage Policy, Investment Processes, Information to Authorized Institutions, Management Activities
Data Categories: Identity, Contact, Legal Transaction, Customer Transaction, Finance, Marketing, Communication Records
Processing Purposes: Compliance Activities, Finance and Accounting, Company/Product/Service Loyalty, Legal Affairs, Communication Activities, Business Activities, Business Continuity, Logistics Activities, After-Sales Support, Sales Processes, Purchasing Processes, Production and Operations, Customer Relations Management, Customer Satisfaction, Marketing Analysis, Advertising/Campaign/Promotion, Contract Processes, Request/Complaint Follow-up, Product/Service/Marketing Processes
In our Company's buildings and facilities, entries and exits are recorded and monitoring is carried out with cameras in common areas for security purposes. Information about this is available in areas where camera monitoring is carried out.
Records related to internet access provided in our Company's buildings and facilities are recorded in accordance with Law No. 5651 on Regulation of Publications Made in Internet Environment and Combating Crimes Committed through These Publications and other legislation, and these records can be shared with authorized public institutions and organizations upon request.
Traffic information of online visitors visiting our website is automatically processed for the purpose of conducting information security processes. On the other hand, service providers have an obligation to record and store website traffic information in accordance with Law No. 5651 and other legislation.
Communications made through channels such as corporate e-mail correspondence, internet access logs, etc. are audited and recorded by our Company for the purpose of conducting information security processes and conducting access authorization.
Our Company transfers personal data limited to the following purposes within the framework of the conditions specified in Articles 8 and 9 of the Law:
Our Company may transfer personal data to the following persons and organizations, limited to the data subject groups and data required by the transfer purpose:
Our Company deletes, destroys or anonymizes the personal data it has processed in accordance with the Law and other law provisions, either ex officio or upon the request of the data subject, in accordance with the Personal Data Storage and Destruction Policy when the reasons requiring their processing cease to exist.
Deletion of personal data: Refers to the process of making personal data completely inaccessible and unusable for relevant users.
Destruction of data: Refers to the process of making personal data completely inaccessible, irretrievable and unusable by anyone.
Anonymization of data: Refers to the process of making personal data unable to be associated with any identified or identifiable natural person through techniques such as masking, variable extraction, generalization, etc., even if matched with other data.
Our Company stores personal data in accordance with the periods provided for in laws and other legislation. If there is no storage period provided for in laws, personal data is stored for the period necessary to achieve the purpose of processing that personal data in accordance with our Company's Personal Data Storage and Destruction Policy, and then deleted, destroyed or anonymized within the framework of periodic destruction periods.
Our Company informs data subjects in accordance with Article 10 of the KVKK Law when obtaining personal data. In this context, it clarifies the identity of the Company representative, if any, for what purpose personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the rights of the personal data subject.
This Policy and Law provisions will not apply in the following cases:
Rights of persons whose personal data is processed in accordance with Article 11 of the Law:
Requests and applications can be made:
Written Application: By filling out the application form on www.cemer.com.tr and delivering it in person to "Bahçelievler, 430 Sk. No:16 35375 Torbalı/İzmir" address or sending it through notary
Electronic Application: Using secure electronic signature or mobile signature to KEP address "cemerkent@hs01.kep.tr"
E-mail: To "muhasebe@cemer.com.tr" address if there is an e-mail address previously notified to our Company
Our Company processes the requests in the application free of charge as soon as possible and at the latest within thirty days, depending on the nature of the request. If the said operation requires additional cost, the fee determined by the Board may be charged.
In case of rejection of the application, finding the response insufficient, or not responding to the application in time; the data subject has the right to complain to the Board within thirty days from the date of learning the response and in any case within sixty days from the application date.
This policy is published at www.cemer.com.tr and updates will be announced at the same address.
