Download
Data Policy
Data Policy
GÜNERİ MAKİNA SANAYİ VE TİCARET ANONİM ŞİRKETİ
PERSONAL DATA PROCESSING AND PROTECTION POLICY
Güneri Makina Sanayi ve Ticaret Anonim Şirketi (“We” or the “Company”), as the data controller, take all legal, technical and administrative measures foreseen in the legislation, in particular of the Law on Protection of Personal Data No. 6698 (“KVKK” or “Law”), regarding your personal data. We present this Personal Data Processing and Protection Policy (“Data Policy”) regarding the processing of your personal data.
DEFINITIONS
Personal Data: Any information relating to an identified or identifiable natural person.
Data Controller: The person who determines the purposes, methods, and principles of the processing of personal data.
Relevant Person: Real persons whose personal data are processed.
Processing of Personal Data: All kinds of operations performed on data such as classification or prevention of use or obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, deleting, making available personal data by fully or partially by automatic or non-automatic means, if such is a part of any data recording system.
Anonymization of Personal Data: Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
Deletion of Personal Data: Making personal data inaccessible and unusable for relevant users in any way.
Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable, and unusable by anyone in any way.
METHODS OF COLLECTING PERSONAL DATA AND LEGAL GROUND
We collect your personal data through the job applications you make to us through career websites, e-mails sent to our company e-mails, calls you make to our company phone, your physical presence in our office, and through the information and documents you have physically transmitted to us by means that are automatic, semi-automatic and non-automatic, as part of any data system, for the following legal reasons:
Clearly stipulated in legislation,
Provided that it is directly related to the establishment or performance of the employment contract, it is necessary to process the personal data of the parties to the contract,
It is necessary for us to fulfill our legal obligation,
The relevant person has made the data public,
Data processing is mandatory for the establishment, exercise, or protection of a right,
Data processing is mandatory for the legitimate interests of the data controller, if it does not harm the fundamental rights and freedoms of the Relevant person.
PROCESSED PERSONAL DATA AND PURPOSE OF PROCESSING
Your personal data listed in the table below are processed in accordance with the following principles of:
Compliance with the law and rules of good faith,
Being accurate and up-to-date when needed,
Processing for specific, explicit, and legitimate purposes,
Being connected, limited and restrained with the purpose for which they are processed,
Being stored for the period required by the relevant legislation or for the purpose for which they are processed,
and strictly for the purposes listed in the table below.
Data Category
Purpose of Processing Personal Data
Identification
Name and surname, Date of birth, Place of birth, Marital status, RoT Identification number etc..
Execution of Information Security Processes
Execution of Employee Candidate / Intern / Student Selection and Placement Processes
Execution of Application Processes of Employee Candidates
Fulfillment of Employment Contract and Legislative Obligations for Employees
Execution of Benefits Processes for Employees
Conducting Educational Activities
Execution of Activities in Compliance with the Legislation
Execution of Finance and Accounting Affairs
Execution of Communication Activities
Execution of Business Continuity Ensuring Activities
Execution of Goods / Services Procurement Processes
Execution of Goods / Services After-Sales Support Services
Execution of Goods / Services Sales Processes
Execution of Performance Evaluation Processes
Execution of Storage and Archive Activities
Execution of Contract Processes
Follow-up of Requests / Complaints
Execution of Supply Chain Management Processes
Execution of Marketing Processes of Products / Services
Providing Information to Authorized Persons, Institutions and Organizations
Execution of Management Activities
Creating and Tracking Visitor Records
Contact
Address, E-mail address, Contact address, Phone number, etc.
Execution of Employee Candidate / Intern / Student Selection and Placement Processes
Execution of Application Processes of Employee Candidates
Fulfillment of Employment Contract and Legislative Obligations for Employees
Execution of Benefits and Benefits Processes for Employees
Conducting Educational Activities
Execution of Activities in Compliance with the Legislation
Execution of Finance and Accounting Affairs
Execution of Assignment Processes
Follow-up and Execution of Legal Affairs
Execution of Communication Activities
Planning of Human Resources Processes
Execution / Supervision of Business Activities
Execution of Occupational Health / Safety Activities
Receiving and Evaluating Suggestions for Improvement of Business Processes
Execution of Logistics Activities
Execution of Goods / Services Procurement Processes
Execution of Goods / Services After-Sales Support Services
Execution of Goods / Services Sales Processes
Execution of Goods / Services Production and Operation Processes
Execution of Customer Relationship Management Processes
Execution of Activities for Customer Satisfaction
Execution of Advertising / Campaign / Promotion Processes
Execution of Storage and Archive Activities
Execution of Contract Processes
Follow-up of Requests / Complaints
Execution of Supply Chain Management Processes
Execution of Marketing Processes of Products / Services
Ensuring the Security of Data Controller Operations
Providing Information to Authorized Persons, Institutions and Organizations
Execution of Management Activities
Personnel Services
Payroll information, Employment Certificate Records, Résumé information, Performance evaluation reports, etc.
Execution of Employee Candidate / Intern / Student Selection and Placement Processes
Execution of Application Processes of Employee Candidates
Fulfillment of Employment Contract and Legislative Obligations for Employees
Execution of Benefits and Benefits Processes for Employees
Conducting Educational Activities
Execution of Activities in Compliance with the Legislation
Execution of Assignment Processes
Follow-up and Execution of Legal Affairs
Planning of Human Resources Processes
Execution / Supervision of Business Activities
Execution of Occupational Health / Safety Activities
Receiving and Evaluating Suggestions for Improvement of Business Processes
Execution of Storage and Archive Activities
Execution of Contract Processes
Providing Information to Authorized Persons, Institutions and Organizations
Legal Action
Information provided in correspondence with legal authorities, Information situated in the case file, etc.
Execution of Activities in Compliance with the Legislation
Follow-up and Execution of Legal Affairs
Execution of Storage and Archive Activities
Providing Information to Authorized Persons, Institutions and Organizations
Customer Transactions
Billing information, Order information, Request information etc.
Execution of Activities in Compliance with the Legislation
Execution of Finance and Accounting Affairs
Execution of Company / Product / Services Loyalty Processes
Follow-up and Execution of Legal Affairs
Execution / Supervision of Business Activities
Receiving and Evaluating Suggestions for Improvement of Business Processes
Conducting Business Continuity Ensuring Activities
Execution of Goods / Services Procurement Processes
Execution of Goods / Services After-Sales Support Services
Execution of Good / Service Sales Processes
Execution of Goods / Services Production and Operation Processes
Execution of Customer Relationship Management Processes
Execution of Activities for Customer Satisfaction
Conducting Marketing Analysis Studies
Execution of Contract Processes
Follow-up of Requests / Complaints
Execution of Supply Chain Management Processes
Execution of Marketing Processes of Products / Services
Providing Information to Authorized Persons, Institutions and Organizations
Physical Area Security
Visitors' entry and exit records, Camera records, etc.
Execution of Emergency Management Processes
Execution of Information Security Processes
Execution of Activities in Compliance with the Legislation
Providing Physical Space Security
Execution of Occupational Health / Safety Activities
Execution of Risk Management Processes
Risk Management
Information processed for the management of commercial, technical, administrative risks, etc.
Execution of Emergency Management Processes
Execution of Information Security Processes
Execution of Activities in Compliance with the Legislation
Providing Physical Space Security
Follow-up and Execution of Legal Affairs
Execution of Risk Management Processes
Providing Information to Authorized Persons, Institutions and Organizations
Creating and Tracking Visitor Records
Professional Experience
Diploma information, Courses attended, In-service training information, Certificates etc.
Execution of Employee Candidate / Intern / Student Selection and Placement Processes
Execution of Application Processes of Employee Candidates
Fulfillment of Employment Contract and Legislative Obligations for Employees
Execution of Benefits and Benefits Processes for Employees
Conducting Educational Activities
Execution of Activities in Compliance with the Legislation
Execution of Assignment Processes
Receiving and Evaluating Suggestions for Improvement of Business Processes
Execution of Performance Evaluation Processes
Execution of Storage and Archive Activities
Execution of Contract Processes
Execution of Talent / Career Development Activities
Providing Information to Authorized Persons, Institutions and Organizations
Marketing
Cookie records etc.
Execution of Activities for Customer Satisfaction
Audio-Visual Records
Camera recordings, etc.
Execution of Emergency Management Processes
Execution of Information Security Processes
Providing Physical Space Security
Execution of Occupational Health / Safety Activities
Ensuring the Security of Data Controller Operations
Providing Information to Authorized Persons, Institutions and Organizations
Health Information
Information on disability status, blood type information, personal health information, etc.
Execution of Emergency Management Processes
Execution of Employee Candidate / Intern / Student Selection and Placement Processes
Execution of Occupational Health / Safety Activities
Providing Information to Authorized Persons, Institutions and Organizations
STORAGE OF PERSONAL DATA
Your personal data is stored by us within the limits specified in the Law and other relevant legislation. The reasons necessitating storage of this data are as follows:
• Storing personal data as it is directly related to the establishment and performance of contracts,
• Storing personal data for the purpose of establishing, exercising or protecting a right,
• It is obligatory to keep personal data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of individuals,
• Storing personal data for the purpose of fulfilling any legal obligations of the data controller,
• Explicitly stipulating the storage of personal data in the legislation,
• Explicit consent of data owners in terms of storage activities that require the explicit consent of data owners.
MEASURES TAKEN FOR THE SECURITY OF PERSONAL DATA
For the security of your personal data stored by us, the following measures are taken in accordance with the Law and relevant legislation.
Data Security Measures
Network security and application security are provided.
A closed system network is used for personal data transfers via the network.
Key management is implemented.
Security measures are taken within the scope of procurement, development and maintenance of information technology systems.
The security of personal data stored in the cloud is ensured.
Training and awareness activities are carried out periodically for employees on data security.
An authorization matrix has been created for employees.
Access logs are kept regularly.
Institutional policies on access, information security, use, storage and destruction have been prepared and started to be implemented.
Confidentiality commitments are made.
The authorizations of employees who have a change of job or quit their job in this field are removed.
Up-to-date anti-virus systems are used.
Firewalls are used.
The signed contracts contain data security provisions.
Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format.
Personal data security policies and procedures have been determined.
Personal data security issues are reported quickly.
Personal data security is monitored.
Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
The security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.
The security of environments containing personal data is ensured.
Personal data is reduced as much as possible.
User account management and authorization control system is implemented, and these are also followed.
In-house periodic and/or random audits are conducted.
Log records are kept without user intervention.
Existing risks and threats have been identified.
Protocols and procedures for special quality personal data security have been determined and implemented.
If sensitive personal data is to be sent via e-mail, it must be sent in encrypted form and using a KEP or corporate mail account.
Intrusion detection and prevention systems are used.
Penetration test is applied.
Cyber security measures have been taken and their implementation is constantly monitored.
Encryption is done.
Personal data transferred in portable memory, CD and DVD media are encrypted and transferred.
Data processing service providers are periodically audited on data security.
Awareness of data processing service providers on data security is ensured.
Data loss prevention software is used.
TRANSFER OF PERSONAL DATA
Your personal data is shared by the following Recipient Group for the purposes of,
Fulfilling our obligations arising from the employment contract and legislation,
Necessities for the establishment and continuation of the employment contract with you,
Execution of activities in accordance with the legislation,
Conducting communication activities,
Planning of human resources processes,
Execution / supervision of business activities, carrying out occupational health / safety activities, receiving and evaluating suggestions for improvement of business processes, conducting business continuity activities, carrying out talent / career development activities.
Recipient Group
Real Persons or Private Law Legal Entities
Shareholders
Business Partners
Suppliers
Authorized Public Bodies and Establishments
Your personal data shall be transferred in accordance with the clarification text, limited only to the purposes specified in this clarification text, and if necessary, within the conditions stipulated in Articles 8 and 9 of the KVKK, if you have submitted your explicit consent.
OUR PERSONAL DATA STORAGE AND DISPOSAL POLICY
In accordance with the Regulation, the personal data of the data owners are deleted, destroyed or anonymized by us ex-officio or upon request in the following cases:
• In case it is necessary due to the amendment or repeal of the provisions of the relevant legislation, which is the basis for the processing or storage of personal data,
• The disappearance of the purpose that requires the processing or storage of personal data,
• Elimination of the conditions requiring the processing of personal data in Articles 5 and 6 of the Law,
• In cases where the processing of personal data takes place only based on explicit consent, the data subject withdraws his consent,
• The application made by the data subject regarding the deletion, destruction or anonymization of his personal data within the framework of his rights in Article 11 of the Law is accepted by the data controller,
• In cases where the data controller rejects the application made by the data subject to the request for the deletion, destruction or anonymization of his personal data, his response is found insufficient or he does not respond within the time stipulated in the Law; Complaining to the Board and approval of this request by the Board,
• The absence of any conditions justifying keeping personal data for a longer period, even though the maximum period for keeping personal data has passed.
Storage and Destruction Periods
The storage and destruction periods of your personal data obtained by us in accordance with the provisions of the Law and other relevant legislation have been determined as follows:
Data Category
Data Storage Period
Identification
10 years, which is the statutory mandatory period from the termination of the employment contract
Contact
During the continuation of the legal/commercial relationship and for 1 year after its complete termination
Personnel Services
10 years, which is the statutory mandatory period from the termination of the employment contract
Legal Action
Immediately upon expiration of legal obligations
Consumer Transactions
10 Years
Physical Area Security
35 days
Risk Management
Stored throughout the continuation of the relevant commercial transaction.
Professional Experience
10 years, which is the statutory mandatory period from the termination of the employment contract
Marketing
1 Month
Audio-Visual Recordings
35 days
Health Information
10 years, which is the statutory mandatory period from the termination of the employment contract
Personal data whose storage period has expired are anonymized, deleted or destroyed at regular intervals in accordance with the procedures set forth in this Data Policy and the opinions expressed by the Personal Data Protection Authority.
WHAT ARE THE RIGHTS OF THE RELEVANT PERSON?
By applying to us regarding your personal data, you have the right to;
Learn whether your personal data is processed,
If your data is processed, request information in relation to this,
Learn the purpose of processing your personal data and whether they are used in accordance with the purpose,
Know the third parties to whom personal data is transferred at home or abroad,
Request correction of your personal data if it is incomplete or incorrectly processed,
Request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
Request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom your personal data has been transferred,
Object to the emergence of a result against your interests by analyzing the processed data exclusively through automated systems,
Demand compensation for the damage in case you suffer damage due to the illegal processing of personal data.
As a relevant person, you can forward your requests regarding your rights listed above to us with a signed petition sent to info@gunerimakina.com. Requests received by us will be evaluated and finalized within 30 (thirty) days. Although we do not charge any fee for your requests, we reserve the right to charge a fee based on the tariff determined by the Personal Data Protection Board.
This Data Policy will be reviewed and updated every 6 (six) months, and the last update date is on 27.05.2022.