PERSONAL DATA PROTECTION POLICY

 

 

 

 

  1.  AIM ............................................................................ 3
  2.  SCOPE ............................................................................... 3
  3.  IMPLEMENTATION OF THE POLICY ......................................................... 3
  4.  ISSUES REGARDING THE PROTECTION OF PERSONAL DATA .................................. 4
  5.  PROTECTION OF SPECIAL NATURE PERSONAL DATA .................................. 5
  6.  KİŞİSEL VERİLERİN İŞLENMESİ POLİTİKASI .......................................... 5
6.1. Principles to be Complied with Regard to the Processing of Personal Data .................... 5

6.1.1 Applications; ............................................................... 5

6.1.2   Conditions ............................................................... 6

6.2. Purposes of Processing Personal Data ........................................ 6

6.2.1. Conditions for Processing Personal Data .................................. 6

6.2.2. Objectives; ................................................................. 7
  1.  TRANSFER OF PERSONAL DATA ......................................................... 8
7.1. Transfer of Personal Data Domestically ...................................... 8

7.2. Transfer of Personal Data Abroad ...................................... 8

7.3. Institutions and Organizations to Which Transfers Are Made ............................. 9
  1.  BUILDING ENTRANCES, PERSONAL DATA PROCESSING ACTIVITIES WITHIN THE BUILDING AND WEBSITE VISITORS ......................................................................... 9
  2.  RIGHTS OF THE PERSON WHOSE PERSONAL DATA IS PROCESSED .................................. 9
  3.  DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA ............. 10
  4.  PERSONAL DATA OWNER'S EXERCISE OF HIS RIGHTS .................................. 11
  5.  CASES WHERE THE PERSONAL DATA OWNER CANNOT ASK FOR HIS RIGHTS ..................... 12
  6.  OTHER MATTERS ................................................................ 12

 

 

 

 

 

 

 

 

1.   PURPOSE

 

The purpose of this policy is to regulate the methods and principles to be followed to ensure that ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ personal data is processed and protected in accordance with the Personal Data Protection Law (PDPL) published in the Official Gazette dated April 7, 2016 and numbered 29677.

 

2.   SCOPE

 

This policy is applied to all activities carried out for the processing and protection of personal data managed by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ.

This policy is related to all personal data processed by our employees, officers, customers' employees, partners, officers, employees of institutions we cooperate with, our suppliers and other third parties.

 

3. IMPLEMENTATION OF THE POLICY

 

In the process of processing and protecting personal data, the relevant legislation provisions in force will be applied as a priority. In case of a conflict between the legislation provisions and the policy provisions, ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ accepts that the current legislation provisions will prevail.

The policy is formed by regulating the practices of ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ in accordance with the rules set forth by the relevant legislation.

 

(1) Data controller;

 

  1. a) To prevent the unlawful processing of personal data,
  2. b) To prevent unlawful access to personal data,
  3. c) To ensure the protection of personal data,

It must take all necessary technical and administrative measures to ensure an appropriate level of security.

 

Main sources of ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ’s obligations regarding data protection:

  • PDPL
  • The European Union General Data Protection Regulation (GDPR) applies to the use of personal data within the European Union.
  • Information security standards and procedures

 

4.   ISSUES REGARDING THE PROTECTION OF PERSONAL DATA

 

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ conducts a risk analysis that determines what personal data are and what risks may arise regarding the protection of these data, and takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of personal data processed in accordance with Article 12 of the PDPL, to prevent unlawful access to personal data and to ensure the preservation of personal data.

 

The main measures taken are listed below.

 

  • All activities carried out by our company have been analyzed in detail for all business units and as a result of this analysis, a process-based personal data processing inventory has been prepared. Risky areas in this inventory are identified and necessary legal and technical measures are constantly taken.
  • Personal data processing activities carried out by our company are audited with information security systems, technical systems and legal methods.
  • Personnel specialized in technical matters are employed.
  • Our company has determined provisions regarding confidentiality and data security in the Employment Contracts to be signed during the recruitment process of employees and requires employees to comply with these provisions. Employees are regularly informed and trained on the law on the protection of personal data and taking the necessary measures in accordance with this law. The roles and responsibilities of employees have been reviewed within this scope and job descriptions have been revised. In addition, employees' actions contrary to the PDPL have been regulated as a separate article in our company's disciplinary procedures.
  • Subcontractors are informed about personal data protection law and taking necessary measures in accordance with this law.
  • Personal data processing carried out by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ and its subcontractors; the matters that must be complied with in order to ensure compliance with the personal data processing conditions sought by the PDPL are fulfilled.
  • The contracts executed by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ have been examined in terms of PDPL and necessary changes have been made.
  • Technical measures are taken in accordance with technological developments, and the measures taken are periodically checked, updated and renewed.
  • Access rights are limited and reviewed regularly.
  • The technical measures taken are regularly reported to the authorized person, and the issues that pose a risk are reviewed and efforts are made to produce the necessary technological solutions.
  • Software and hardware including virus protection systems and firewalls are installed.
  • Backup programs are used to ensure the safe storage of personal data.
  • Security systems are used for storage areas, technical measures taken are periodically reported to the relevant party as required by internal controls, risky issues are re-evaluated and necessary technological solutions are produced.
  • In parallel with the work of ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ, ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ’s systems are being brought into compliance with the EU General Data Protection Regulation (GDPR).
  • In order to be cautious against any personal data security breach, crisis and reputation management were discussed, and in this context, the KVK Committee and the processes for informing the relevant person were designed.

 

5. PROTECTION OF SPECIAL NATURE PERSONAL DATA

 

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ carries out the necessary activities to ensure the security of special personal data and takes all technical and administrative measures to ensure that these data are processed in accordance with the law and to comply with the legal requirements and the sufficient measures determined by the Board.

 

6.   PERSONAL DATA PROCESSING POLICY

 

6.1. Principles to be Complied with Regard to the Processing of Personal Data

 

All personal data processed by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ is processed in accordance with the PDPL and the relevant legislation. ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ processes personal data in accordance with the law and the rules of honesty, in accordance with the right and up-to-date, specific, clear and legitimate purposes, in a purpose-related, limited and proportionate manner, in accordance with the article 4 of the PDPL:

 

  • Processing in Accordance with Law and Fairness: ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ; acts in accordance with the principles brought by legal regulations and the general trust and honesty rule in the processing of personal data. In this context, ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ takes into account the proportionality requirements in the processing of personal data and does not use personal data for purposes other than those required.
  • Ensuring that Personal Data is Accurate and Up-to-Date when Necessary: ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ; takes into account the fundamental rights of personal data owners and its own legitimate interests and ensures that the personal data it processes is accurate and up-to-date.
  • Processing for Specific, Clear and Legitimate Purposes: ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ clearly and precisely determines the legitimate and lawful purpose of processing personal data. ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ processes personal data in connection with the products and services it offers and to the extent necessary for them. The purpose for which personal data will be processed by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ is determined before the personal data processing activity begins.
  • Being Relevant, Limited and Proportionate to the Purpose for Which They Are Processed: ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ processes personal data in a manner suitable for the realization of the determined purposes and avoids the processing of personal data that is not relevant or needed for the realization of the purpose.
  • Preservation for the period required by the relevant legislation or for the purpose for which they are processed: ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ stores personal data only for the period specified in the relevant legislation or required for the purpose for which they are processed. In this context, ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ first determines whether a period is specified in the relevant legislation for the storage of personal data, if a period is specified, it acts in accordance with this period, if no period is specified, it stores personal data for the period required for the purpose for which they are processed. In the event that the period expires or the reasons requiring processing are eliminated, personal data is deleted, destroyed or anonymized by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ.

 

 

6.1.1 Applications;

 

  1. a) Collection: Our company may obtain personal data for predefined and legally compliant purposes related to its corporate business.
  2. b) Processing: He/she may only use personal data if he/she has a basis to use the data under applicable law and if the purpose for which the data was obtained is lawful and fair.
  3. c) Data Reduction: It may obtain and use personal data in limited circumstances, in accordance with the purpose of use of personal data and in relation to this purpose.
  4. d) Retention: Personal data is only processed:
  • As long as it is necessary for the purpose of using the data by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ.
  • If required by professional standards or policies, and
  • It may be stored in cases where it is required or permitted by law.

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ deletes, destroys or permanently anonymizes all other personal data it uses.

 

  1. e) Transfer: ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ may only transfer personal data in accordance with the applicable laws unless otherwise agreed.

 

  1. ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ has a legal basis in all matters and the transfer:

 

  1. To a third party data controller in the European Union or to safe countries with which they have concluded a binding contract to limit the use of personal data only to the agreed purpose and to implement appropriate technical and organisational measures to protect personal data against unauthorised use.
  2. To a third party data controller that is not in the European Union or a safe country list, if the third party data controller meets the standard data protection clauses applied by the EU Commission under EU Commission Decision 2004/915/EC or Article 46(2) of the GDPR or any of the conditions set out in point (6.1.2) below.

 

  1. The transfer is required to be made in accordance with a legal obligation and ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ only transfers the part of personal data that must be disclosed in order to comply with the relevant law.

 

6.1.2 Conditions

In order for the above-mentioned European Union personal data to be transferred to a data controller or data processor that does not have the safeguards included in the EU standard contractual clauses, the following conditions must be met:

 

  1. The data owner must expressly consent to the relevant transfer after being informed about the possible risks that may arise in the absence of necessary protection and measures, or
  2. The transfer is necessary for one of the following situations:

 

  1. To carry out a contract between the data owner and our company or to implement pre-contractual measures at the request of the data owner.
  2. To execute a contract with ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ or another party in line with the interests of the data owner.
  3. To protect the vital interests of the data owner and other parties in cases where the data owner is unable to give consent due to physical impossibility or legal reasons.

 

6.2. Purposes of Processing Personal Data

 

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ, in accordance with Article 10 of the PDPL, informs the relevant persons during the collection of personal data. In this context, our company informs the persons about the identity of ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ and its representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the rights of the relevant persons within the scope of Article 11 of the PDPL.

 

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ processes personal data limited to the following conditions within the personal data processing conditions specified in Articles 5 and 6 of the PDPL and in line with the following purposes.

 

 

6.2.1. Conditions for Processing Personal Data

 

  • The Laws clearly stipulate that ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ will engage in activities related to the processing of personal data, excluding personal data related to health and sexual life,
  • The processing of personal data by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ is directly related to and necessary for the establishment or performance of a contract; Personal information may be processed in the phase of initiating the contract prior to the contract in order to prepare an offer, prepare a purchase form or meet the demands of the relevant person in connection with the outcome of the contract. During the contract preparation process, the relevant persons may be contacted in light of the information they have provided.
  • If the processing of personal data is necessary for our company to fulfill its legal obligations; personal information is also freely processed if the law requests, requires or permits such transactions. Data transactions must be necessary for legally permitted data processing activities in terms of type and scope and must comply with the relevant legal provisions.
  • Provided that personal data is made public; in a limited way for the purpose of making it public

Processed by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ,

  • The processing of personal data by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ is mandatory for the establishment, exercise or protection of the rights of ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ or the persons whose data is processed or third parties,
  • If it is necessary to process personal data for the legitimate interests of ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ, provided that the fundamental rights and freedoms of the persons whose data are processed are not violated; personal data may also be processed in cases where ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ has a legitimate interest. Legitimate interests are interests that are in accordance with law, morality and etiquette, as well as material interests.
  • If the personal data processing activity by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ is mandatory for the protection of the life or physical integrity of the personal data owner or someone else, and in this case the personal data owner is unable to express his/her consent due to actual impossibility or legal invalidity,
  • Special personal data, other than the health and sexual life of the personal data owner, in cases prescribed by law.

 

In the absence of the above-mentioned conditions; ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ seeks the explicit consent of personal data owners in person or through its relevant customers in order to process personal data.

 

6.2.2. Purposes;

 

  • Determining and implementing our institution's strategies and ensuring the execution of our company's human resources policies,
  • In line with the purpose of ensuring the implementation of human resources policies; providing suitable personnel for open positions in accordance with human resources policies, carrying out human resources operations in accordance with human resources policies and fulfilling obligations within the framework of Occupational Health and Safety and taking necessary measures,
  • In order to ensure that the services provided by our institution are fulfilled by the relevant business units; execution of services such as independent auditing, accounting services and consultancy etc. carried out by our institution,
  • Administrative operations for communication, auditor independence, risk management and quality control purposes carried out for the purpose of ensuring the legal and commercial security of our institution and the people who have a business relationship with our institution,
  • Relationship management, account management, internal financial reporting, provision of information technology (IT) services (storage, hosting, maintenance, support, use of central distributed server system are also included in this scope)
  • The processes and operations carried out for the purpose of determining and implementing the commercial and business strategies of ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ, financial operations, communication, market research and social responsibility activities, execution of purchasing operations (demand, offer, evaluation, order, budgeting, contract)
  • ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ determination and implementation of commercial and business strategies, in-company system and application management,
  • Planning, auditing and executing information security processes, creating and managing information technology infrastructure,
  • Planning and execution of employee satisfaction and/or loyalty processes, planning and execution of fringe benefits and interests for employees, planning and execution of employees' access to information, monitoring and/or auditing of employees' work activities,
  • Monitoring of financial and/or accounting and legal affairs,
  • Planning and execution of market research activities for sales, marketing and/or promotion of business activities and services,
  • Planning and executing the information access authorizations of business partners and/or suppliers, management of relationships with business partners and/or suppliers,
  • Planning and execution of corporate communication activities, planning and/or execution of corporate risk management activities, planning and execution of corporate sustainability activities, planning and execution of corporate governance activities,
  • Planning and execution of corporate communication activities, planning and/or execution of corporate risk management activities, planning and execution of corporate sustainability activities, planning and execution of corporate governance activities,
  • Fulfilling the obligations arising from the employment contract and/or legislation for the company employees,
  • Ensuring the security of company assets and/or resources,
  • Planning and execution of external training activities,
  • Planning and execution of operational activities required to ensure that company activities are carried out in accordance with company procedures and/or relevant legislation,
  • Ensuring that data is accurate and up-to-date,
  • Planning and execution of talent-career development activities,
  • Providing information to authorized persons and/or organizations arising from legislation,
  • Creating and monitoring visitor records and ensuring the security of the company campus and facilities.

 

7. TRANSFER OF PERSONAL DATA

 

7.1. Transfer of Personal Data Domestically

 

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ is responsible for acting in accordance with the decisions and relevant regulations stipulated in the PDPL and taken by the PDPL Board regarding the transfer of personal data.

 

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ cannot transfer personal data and special data belonging to the relevant persons to other real persons or legal entities without the explicit consent of the relevant person. However, in cases where it is required by the PDPL and other laws, data may be transferred to the authorized administrative or judicial institution or organization in the manner and within the limits set forth in the legislation without the explicit consent of the relevant person.

 

In addition, in cases stipulated in Articles 5 and 6 of the Law, transfer is possible without the consent of the person concerned. ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ may transfer personal data to third parties located in Türkiye and other companies that are members of the ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ network under the roof of ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ, in accordance with the conditions stipulated in the Law and other relevant legislation and by taking all security measures specified in the legislation, if there is an existing signed contract with the data owner, unless otherwise stipulated in the said contract and the Law or other relevant legislation.

 

7.2. Transfer of Personal Data Abroad

 

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ may transfer personal data to third parties in Türkiye, or to be processed in Türkiye or processed and stored outside Türkiye, including outsourcing, in accordance with the conditions stipulated in the Law and other relevant legislation as stated above, and by taking all security measures specified in the legislation, if there is an existing signed contract with the data owner, unless otherwise regulated in the said contract and the Law or other relevant legislation. In exceptional cases where explicit consent is not required for the transfer of personal data specified in the PDPL, in addition to the conditions for processing and transfer without consent, the condition of having sufficient protection in the country to which the data will be transferred is sought. The Personal Data Protection Board will determine whether sufficient protection is provided; in the absence of sufficient protection, the data controllers in both Türkiye and the relevant foreign country must undertake sufficient protection in writing and have the permission of the Personal Data Protection Board.

 

 

7.3. Institutions and Organizations to Which Transfers Are Made

 

The information requested by public legal entities within the scope of their relevant legislation is shared in accordance with Article 8 of the PDPL.

Other persons or organizations to whom personal data may be transferred for the purposes specified above are as follows; affiliated partnerships and/or domestic/overseas organizations and other third parties that are directly/indirectly domestic/overseas ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ receive services from, cooperate with, and are program partners within the scope of relevant contracts to carry out activities as ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ, which are jointly responsible for taking data security measures such as protecting all kinds of personal data, preventing unauthorized access and preventing unlawful processing.

 

8.   PERSONAL DATA PROCESSING ACTIVITIES CONDUCTED AT BUILDING ENTRANCES AND WITHIN THE BUILDING AND WEBSITE VISITORS

 

Personal data processing activities carried out by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ in building corridors and offices are carried out in accordance with the Constitution, PDPL and other relevant legislation. In order to ensure security by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ, corridors and office interiors in buildings where ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ workplaces are located are monitored with security cameras. Additional records are also kept at the entrances for guests.

 

Personal data processing activities are carried out by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ by using security cameras, door cards and recording at the entrance in order to increase the quality of the service provided, to ensure its reliability, to ensure the safety of life and property of the company, the data owner and other persons and to protect the legitimate interests of these persons.

 

The purpose of ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ in continuing the monitoring activity with video cameras is limited to the purposes listed in this policy. In this context, the monitoring areas, numbers and when the security cameras will be monitored are implemented in a way that is sufficient and limited to achieve the security purpose. Areas that may result in an intervention in the privacy of the person in a way that exceeds the security purposes are not subject to monitoring.

 

Necessary technical and administrative measures are taken by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ in accordance with Article 12 of the PDPL.

 

Access to records recorded and stored in digital media is provided by a limited number of ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ employees. Persons who have access to the records are obliged to protect the confidentiality of the data within the framework of the confidentiality agreement.

 

9.   RIGHTS OF THE PERSON WHOSE PERSONAL DATA IS PROCESSED

 

Real persons whose personal data is processed by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ can apply to the company address in person or to the e-mail address ik@leta.com.tr and have the following information regarding themselves:

  1. Learning whether personal data is being processed,
  2. To request information regarding the processing of personal data,
  3. To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  4. To know the third parties to whom personal data is transferred, either domestically or abroad,
  5. To request correction of personal data if it is processed incompletely or incorrectly,
  6. Requesting the deletion or destruction of personal data in case the reasons requiring processing are eliminated, even though the personal data has been processed in accordance with the relevant legal provisions,
  7. To request that the operations carried out in accordance with clauses (d) and (e) be notified to third parties to whom personal data has been transferred,
  8. To object to a result that is to the detriment of the person himself/herself, as a result of the analysis of the processed data exclusively through automatic systems, For example, the employee's objection to the evaluation of an employee's performance and the work done by him/her by an automated system and analyzing it according to the analysis results will be evaluated within this scope..
  9. In case of damages due to unlawful processing of personal data, the person has the right to demand compensation for the damages.

 

 

10. DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

 

In accordance with Article 138 of the Turkish Penal Code and Article 7 of the PDPL, personal data is deleted, destroyed or anonymized in the event that the reasons requiring processing are eliminated, even though it has been processed in accordance with the relevant legal provisions, based on ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ’s own decision or upon a request from the personal data owner. In this context, ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ Data Storage and Destruction Procedure has been prepared.

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ reserves the right not to fulfill the request of the data owner in cases where it has the right and/or obligation to preserve personal data in accordance with the relevant legislation.

When personal data is processed by non-automatic means, provided that it is part of any data recording system, a system of physical destruction of personal data in a way that it cannot be used later is applied when the data is deleted/destroyed. When ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ agrees with a person or organization to process personal data on its behalf, personal data is securely deleted in a way that it cannot be recovered by these persons or organizations.

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ may anonymize personal data when the reasons requiring the processing of personal data processed in accordance with the law are eliminated.

 

The most commonly used anonymization techniques by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ are listed below:

 

(i) Masking

Data masking is a method of anonymizing personal data by removing the basic identifying information of personal data from the data set.

 

(ii) Aggregation

With the data aggregation method, many data are aggregated and personal data is made incapable of being associated with any person.

 

(iii) Data Generation

With the data generation method, a more general content is created from the content of personal data and personal data is made incapable of being associated with any person.

 

(iv) Data Hashing

With the data hashing method, the values ​​in the personal data set are mixed and the connection between the values ​​and the individuals is broken.

 

11. PERSONAL DATA OWNER'S EXERCISE OF HIS RIGHTS

 

Personal data owners can submit their requests regarding the rights listed above with information and documents that will identify them and prepared using the methods specified below or other methods determined by the Personal Data Protection Board and www.leta.com.tr/en They can fill out and sign the Personal Data Owner Application Form available at and send it to ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ free of charge.

 

After filling out the form in the link mentioned above, personal data owners can send a signed copy to Hamzabey OSB Mh 17. CD No:9 İnegöl / BURSA – Türkiye via a notary public or with an electronic signature to ik@leta.com.tr.

 

In order for third parties to request an application on behalf of personal data owners, there must be a special power of attorney issued by the data owner through a notary public on behalf of the person who will make the application.

 

If the personal data owner submits their request to ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ, ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ will finalize the relevant request within thirty days at the latest, depending on the nature of the request. If the transaction requested by the personal data owner requires an additional cost, the fee in the tariff determined by the Board may be charged. If the application is due to the error of the data controller, the fee charged will be returned to the relevant person.

 

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ may request information from the relevant person in order to determine whether the applicant is the personal data owner. ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ may ask questions to the personal data owner regarding his/her application in order to clarify the issues included in the personal data owner's application.

 

ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ may reject the application of the applicant by explaining the reason in the following cases:

 

(1) Processing of personal data for purposes such as research, planning and statistics by making them anonymous through official statistics,

(2) Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public safety, public order, economic security, privacy or personal rights or does not constitute a crime,

(3) Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security,

(4) Processing of personal data by judicial authorities or enforcement authorities in connection with investigation, prosecution, trial or execution proceedings,

(5) Processing of personal data is necessary for the prevention of crime or criminal investigation,

(6) Processing of personal data made public by the personal data owner,

(7) Personal data processing is necessary for the performance of supervisory or regulatory duties or disciplinary investigation or prosecution by authorized public institutions and organizations and professional organizations with the status of public institutions, based on the authority granted by law.

(8) Personal data processing is necessary to protect the economic and financial interests of the State in relation to budget, tax and financial matters,

(9) The request of the personal data owner may hinder the rights and freedoms of other persons,

(10) Requests requiring disproportionate effort have been made,

(11) The requested information is publicly available information.

 

12. CASES WHERE THE PERSONAL DATA OWNER CANNOT EXERCISES HIS RIGHTS

 

Since the following situations are excluded from the scope of the Personal Data Protection Law in accordance with Article 28 of the Personal Data Protection Law, personal data owners cannot assert their rights listed above in these matters:

 

  • Processing of personal data for purposes such as research, planning and statistics by making them anonymous through official statistics,
  • Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public safety, public order, economic security, privacy or personal rights or does not constitute a crime,
  • Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security,
  • Processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution proceedings.

 

According to Article 28/2 of the PDPL; in the cases listed below, personal data owners cannot assert their other rights listed in Article 9, except for the right to demand compensation for damages:

 

  • Processing of personal data is necessary for the prevention of crime or criminal investigation,
  • Processing of personal data made public by the personal data owner,
  • The processing of personal data is necessary for the execution of supervisory or regulatory duties or disciplinary investigation or prosecution by authorized public institutions and organizations and professional organizations with the status of public institutions, based on the authority granted by law,
  • The processing of personal data is necessary to protect the economic and financial interests of the State in relation to budgetary, tax and financial matters.

13. OTHER MATTERS

 

In case of any inconsistency between the provisions of the PDPL and other relevant legislation and this Policy, the provisions of the PDPL and other relevant legislation will apply first.

This Policy prepared by ÖZCANLAR SANDALYE SAN TİC LTD. ŞTİ has entered into force with the decision of İsmail ÇELİK, the Representative Authorized by the Board of Directors.