
PROTECTION AND PROCESSING OF PERSONAL DATA POLICY

1. Introduction
According to Article 20 of the Constitution of the Republic of Turkey, everyone is entitled to the protection of personal data about them. The protection of personal data is a constitutional right, and Erdemoğlu Holding A.Ş. ("Erdemoğlu Holding") acts as Data Controller for it. Under this personal data protection policy, the safeguarding of the processed personal data of real persons such as company employees, job applicants, trainees, suppliers, supplier employees, subcontractors, subcontractor employees, third parties and visitors will be managed in a secure manner. Erdemoğlu Holding has taken all kinds of administrative and technical measures to protect the personal data processed in accordance with the Law on Protection of Personal Data No. 6698 and secondary legislation.

2. Purpose
The main purpose of Erdemoğlu Holding in implementing this Policy is to ensure, through the administrative and technical measures taken within the scope of the personal data processing and data protection activities carried out in accordance with the law and the legal and commercial relations of the company, the security of personal data, especially that of employees, processed by automatic means or by non-automatic means provided that it is part of the data recording system.
3. Scope
This Policy covers the personal data, processed at Erdemoğlu Holding, of all employees, especially subcontractors, subcontractor employees, suppliers, supplier employees, job applicants, trainees, third parties and visitors, where that data is processed automatically or non-automatically provided that it is part of any data recording system.
4. Purpose of Data Controller's Personal Data Processing
In this context, Erdemoğlu Holding processes personal data for the following purposes:
• Conducting corporate sustainability activities,
• Management of relations with suppliers and subcontractors,
• Carrying out personnel recruitment processes,
• Carrying out internal audit and legal procedures,
• Conducting corporate governance and communication activities,
• Demand and complaint management,
• Providing information to the persons or institutions authorized by legislation,
• Creation and follow-up of visitor records,
In the event that the processing carried out for the above-mentioned purposes does not meet any of the conditions stipulated in Law No. 6698, Erdemoğlu Holding obtains the explicit consent of the data owner for the relevant processing.
5. Principles of Personal Data Processing
Within the scope of this Policy, Erdemoğlu Holding works on the following basic principles adopted in the processing of personal data:
• Processing personal data in accordance with the law and the rules of honesty,
• Keeping personal data accurate and up-to-date when necessary,
• Processing personal data for specific, clear and legitimate purposes,
• Processing personal data in a manner related to, and limited to, the purpose for which it is processed,
• Maintaining personal data for the period required by the relevant legislation or for the purpose for which they are processed,
• Informing the personal data owners,
• Establishing the necessary system for exercising the rights of personal data owners,
• Taking necessary measures in the storage of personal data,
• Complying with the relevant legislation and the regulations of the Personal Data Protection Board when transferring personal data to third parties in accordance with the requirements of the purpose of processing,
• Showing the necessary sensitivity to the processing and protection of special personal data.
6. Terms of Personal Data Processing
Erdemoğlu Holding processes personal data under this Policy under the following conditions:
• If the processing of personal data is clearly stipulated by law,
• If the processing of personal data is directly relevant and necessary for the establishment or performance of a contract,
• If it is mandatory for Erdemoğlu Holding to fulfill its legal obligation,
• If the personal data is publicized by the data owner,
• If the processing of personal data is required for the establishment, use or protection of the rights of the data owner or third parties,
• If personal data processing is carried out for the legitimate interests of Erdemoğlu Holding, provided that it does not harm the fundamental rights and freedoms of the data owner,
• If personal data processing is compulsory for the protection of the life or bodily integrity of the personal data owner or someone else, and the personal data owner is unable to express his or her consent due to actual or legal invalidity.
7. Securing Personal Data
Erdemoğlu Holding takes all kinds of technical and administrative measures required in accordance with the existing technological facilities and practices in order to ensure the processing of personal data in accordance with the law. In this context;
• The system established by the IT experts assigned by Erdemoğlu Holding, within the scope of the personal data processing activities carried out within the company in order to ensure that personal data is processed in accordance with the law, is audited by the IT Department, and the technical measures taken are reported periodically to the senior management of the company as per the internal audit mechanism.
• Employees are informed and trained on the law on the protection of personal data and on the processing of personal data in accordance with the law.
• Business processes performed by all units operating within Erdemoğlu Holding were analyzed, personal data were identified, data processors were identified, job descriptions were made, and data processing agreements were signed with each of them.
• The personal data processing activities carried out by all departments of Erdemoğlu Holding are determined in accordance with the personal data processing conditions required by Law No. 6698.
• Clauses imposing an obligation not to process, disclose, use or share personal data unlawfully are included in the documents that establish the legal relationship between Erdemoğlu Holding and its employees, trainees, employee candidates, subcontractors and suppliers; awareness is raised among employees and other persons on this matter, and audits are carried out.
• Erdemoğlu Holding takes technical measures in line with the developments in technology, and measures are updated periodically and renewed.
• Authorizations for access to Personal Data are limited, and authorization matrices are established and authorizations are reviewed regularly.
• Software and hardware including virus protection systems and firewalls are installed.
• Applications in which personal data is collected are regularly screened for security vulnerabilities.
• Employees are informed that the personal data they learn as required by their work cannot be disclosed to anyone in contravention of the provisions of Law No. 6698, that it cannot be used for any purpose other than the processing purposes, and that this obligation will continue after their resignation; the necessary commitments are obtained from them accordingly.
• Provisions requiring that necessary security measures be taken, and that these measures be complied with in their own institutions, are added to the contracts (confidentiality agreements) concluded with the subcontractors and suppliers with whom Erdemoğlu Holding has business relations.
• In order to ensure the safe storage of personal data, legitimate backup programs are used.
• Access to data storage areas with personal data is logged, and improper access or access attempts are instantly communicated to those concerned.
8. Data Owner Rights and Application Process
The rights held under Article 11 of Law No. 6698 on personal data shared with the company within the scope of Erdemoğlu Holding's purposes and the methods of processing personal data are listed below:
• To learn whether personal data is processed,
• To request information if their personal data has been processed,
• To learn the purpose of processing personal data and whether the data is used in accordance with its purpose,
• To know the third parties to whom personal data is transferred at home or abroad,
• To request correction of personal data if it is incomplete or incorrectly processed,
• To request the deletion or destruction of personal data in accordance with the conditions stipulated in Law No. 6698,
• To object to a result arising against the person from the analysis of the processed data exclusively through automated systems,
• To demand compensation for the damage in the event of loss due to unlawful processing of personal data.
In order to use the rights mentioned above, you can contact our company by using the “Application Form” on our website: http://www.erdemoglu.com.tr and the methods mentioned in this form.
The requests of the personal data holder submitted in accordance with the above application shall be submitted to Erdemoğlu Holding.