Telefon
facebook Facebook
Linkedin
İnstagram
Türkçe English Russia

X Koren Elektrik A.Ş.  

CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA 

  

Definitions 

X Koren Elektrik A.Ş. Anonim Şirketi ("Company") aims to process the personal data of the relevant persons in accordance with the provisions of the Personal Data Protection Law No. 6698 ("PDP Law") and other legislation. 

Your personal data that you have notified/will notify to our Company due to the fact that you are a data subject of our Company and/or obtained by the Company in any way externally by the Company in the capacity of "Data Controller" by the Company, 

  • Within the framework of the purpose that requires the processing of your personal data and in connection with this purpose, in a limited and measured manner,
  • Maintaining the accuracy and the most up-to-date version of the personal data you have notified or as notified to our company,
  • We inform you that it will be recorded, stored, preserved, reorganized, shared with institutions authorized by law to request this personal data and transferred to domestic or foreign third parties under the conditions stipulated by the PDP Law, transferred, classified and processed in other ways listed in the PDP Law and may be subject to other transactions listed in the PDP Law.

In this context, in accordance with the Laws and Regulations regulated by our Company to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, and to protect personal data, our Company takes all technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of your personal data, to prevent unlawful access and to ensure its preservation. 

  

It has been adopted with the Clarification Text to sustain and develop the activities carried out by the Company in compliance with the principles set forth in the PDP Law. 

  

In this clarification text; 

  

Personal Data: Any information relating to an identified or identifiable natural person, 

Personal Data Protection Law ("PDPL"): Law No. 6698 on the Protection of Personal Data, which entered into force after being published in the Official Gazette on April 7, 2016, 

Data Processor: The natural or legal person who processes Personal Data on behalf of the Data Controller based on the authorization granted by the Data Controller, 

Data Supervisor: The natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system. 

Contact Person: The real person whose personal data is processed. 

  

Data Collected Parties 

We collect the data of the following parties who have a business relationship with our company within the scope of the Law on the Protection of Personal Data. These are; 

        - Employees and Employee Candidates 

        - Family members and relatives of our employees and employee candidates, 

        - Customers, 

        - Suppliers, 

        - Advisors, 

        - Business partners, 

        - Company officials, 

        - Company trustees, 

        - The person(s) with whom we have a contractual relationship and their employees 

        - The person(s) who are the addressee(s) of legal proceedings, 

        - Survey respondents, 

        - Visitors, 

  

Data Collected and Processed by  Company from its Parties 

We collect and process the following data from the parties of company within the scope of Articles 5 and 6 of the Law on the Protection of Personal Data. These are; 

        - Identity and contact information, 

        - Information on family and social life, 

        - Education and training information, 

        - Employment information, 

        - Information on request/complaint management, 

        - Information on legal affairs, 

        - Financial information, 

        - Audit information, 

        - Information on electronic media use, 

        - Information on goods and services provided and procured, 

        - Business activities information, 

        - Location information, 

        - Information on trade and other licenses and permits, 

        - Physical space safety information, 

        - Visual and audio information (photos, camera), 

        - Telecommunications records, 

        - Email and information systems services usage records, 

        - Entry logs, 

        - Cookie records 

        - Health reports and health information, 

        - Criminal record information 

  

Company's Data Collection Purposes 

We collect and process data in order to realize our company purposes stated below within the scope of Articles 5 and 6 of the Personal Data Protection Law, provided that they are limited to the relevant purposes. These are; 

  • Realization of our company's commercial activities.
  • Ability to fulfill business processes related to commercial activities,
  • Management and execution of relationships with business partners and/or suppliers, 
  • Technical management of  company's websites,
  • Management of customer and follow-up of complaints,
  • Product surveys and follow-up of the questions you send to our Company,
  • Carrying out the necessary work by our business units to ensure that you benefit from the products and services offered by our Company,
  • Planning and execution of sales, marketing and after sales processes of products and/or services,
  • Providing information about the content of products and services,
  • Sending commercial electronic messages by obtaining separate approval in accordance with the legal legislation,
  • Conducting events and other organizations,
  • Conducting legal and commercial relations with our Company and the persons who are in business relations with Company and ensuring the security of these relations,
  • Administrative operations for communication carried out by  Company,
  • Employee administration and management,
  • Ensuring the physical security and supervision of the company's locations,
  • Planning of logistics activities,
  • Conducting reputation research processes,
  • Compliance with ethical values and the law and execution of legal affairs and procedures,
  • Follow-up of contract processes and/or legal requests,
  • Planning and execution of Human Resources and personnel recruitment processes and monitoring and realization of education and training activities,
  • Planning and/or execution of occupational health and/or safety processes,
  • Ensuring that our Company can benefit from incentives through the execution of research and development activities, 
  • Planning and execution of corporate communication and corporate governance activities,
  • Carrying out information security management services,
  • Monitoring and auditing financial and/or accounting affairs and carrying out activities to identify financial risks of customers,
  • Determining and implementing our company's commercial and business strategies, 
  • Creation and follow-up of visitor records,
  • For other purposes or purposes to be notified to the person concerned at the time of obtaining the information 
  • Ensuring that legal obligations are fulfilled as required or mandated by the relevant legislation, 

  

Transfer of Data Collected and Processed by  Company within the Purposes 

Your personal data collected by our company within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Personal Data Protection Law may be shared with our affiliates, shareholders, business partners (only anonymously), legally authorized public institutions and private persons and other persons within our purposes detailed above. 

  

Method and Legal Reason for Collecting Data by Company 

Personal data are collected, used, recorded, stored and processed by  company by verbal, written and/or electronic means by providing verbal, written and/or electronic information to personal data owners in a clear and understandable manner and obtaining their explicit consent when necessary, in accordance with the law and good faith, in connection with and limited to the legitimate purposes clearly stated above, within the framework of the principle of proportionality. 

We assure you that your personal data will not be processed by our company for purposes other than those specified in this disclosure document. 

  

Retention Period of the Data Collected by Company 

Your personal data are stored for the retention periods specified in the relevant legal regulations, and if no period is specified in the relevant legal regulations, your data are stored in accordance with the practices and customs of our Company's practices and commercial life or for the period required by the above-mentioned processing purposes, and then deleted, destroyed or anonymized in accordance with Article 7 of the Personal Data Protection Law and will be removed from our Company's data flows. 

  

Security of Your Data Collected and Processed by  Company 

Your personal data that you share with  Company may be collected verbally, in writing or electronically by automatic or non-automatic methods, offices, branches, call center, website, social media channels, mobile applications and similar means. Your personal data will be stored in electronic and/or physical environments. The requirements of the Personal Data Security Guide published by the PDPL board are continuously operated and developed within the scope of continuous improvement in order to ensure that your personal data provided and stored by our company are not subject to unauthorized access, manipulation, loss and damage in the environments where they are stored. 

  

Rights of the Data Subject whose Data is Collected and Processed 

Everyone has the following rights in accordance with Article 11 of the Law on the Protection of Personal Data by applying to the data controller; 

  1. a) To learn whether personal data is being processed,
  2. b) To request information if personal data has been processed,
  3. c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

        ç) To know the third parties to whom personal data are transferred domestically or abroad, 

  1. d) To request correction of personal data in case of incomplete or incorrect processing,
  2. e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,
  3. f) To request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data are transferred,
  4. g) To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,

        ğ) To demand compensation for the damage in case of damage due to unlawful processing of personal data. 

Paragraph 2 of Article 28 of the Law lists the cases where data subjects do not have the right to request and within this scope; 

  1. a) Where personal data processing is necessary for the prevention of crime or criminal investigation
  2. b) Where personal data made public by the data subject itself is processed,
  3. c) Where personal data processing is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions based on the authority granted by law,
  4. d) Where personal data processing is necessary for the protection of the economic and financial interests of the State in relation to budgetary, tax and fiscal matters 

the rights specified above cannot be exercised with respect to the data. 

  

The data will be outside the scope of the Law in the following cases according to Article 28, paragraph 1 of the Law, and the requests of the data subjects will not be processed in terms of these data: 

  1. a) Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that personal data are not disclosed to third parties and the obligations regarding data security are complied with.
  2. b) Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.
  3. c) Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public safety, public order, economic security, privacy of private life or personal rights or does not constitute a crime.
  4. d) Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security.

 

  1. e) Processing of personal data by judicial or enforcement authorities in relation to investigations, prosecutions, trials or executions.

  

Application Methods within the Framework of the Interested Person's Rights 

You can make your request regarding the exercise of your above-mentioned rights in accordance with paragraph 1 of Article 13 of the Law on the Protection of Personal Data, with the following methods and information in accordance with the "Communiqué on the Procedures and Principles of Application to the Data Controller" published on March 10, 2018, No. 30356. 

  

Information required in the application content; 

  1. Name and surname of the applicant.
  2. If the applicant is a citizen of the Republic of Turkey, T.R. Identity Number, if not, Passport number or Identity number, if any, together with his/her nationality.
  3. The applicant's residential or business address for notification.
  4. Applicant's e-mail address, telephone or fax for notification.
  5. Applicant, Subject of the request.
  6. Information and documents related to the subject of the applicant's request.

  

Application Methods; 

  1. The applicant may personally fill out the Personal Data Request Application Form to the address where X KOREN operates (Orhangazi Mh. 1656 Sk No:19 34538 Esenyurt/Istanbul) and deliver it to the information office by hand with a closed envelope and a note "Information Request as required by the Law on the Protection of Personal Data" on the envelope.
  2. The applicant may send a notification to the address where X KOREN operates (Orhangazi Mh 1656 Sk No:19 34538 Esenyurt/Istanbul) through a Notary Public, but the note "Information Request as per the Law on the Protection of Personal Data" should be added on the notification envelope.
  3. The applicant may apply personally to the Registered Electronic Mailinfo@xkoren.com.tr address of the company with the "Secure Electronic Signature" defined in the Electronic Signature Law No. 5070 with the note "Information Request Pursuant to the Law on the Protection of Personal Data" in the subject section.  

You can find the application form for your above-mentioned rights here.