SİMYA ECZA DEPOSU SAN. TİC. A.Ş. (SİMYA ECZA DEPOSU) prioritizes and values the protection of personal data. This Personal Data Protection and Processing Policy (the "Policy") outlines the fundamental principles adopted by SİMYA ECZA DEPOSU to ensure compliance with the personal data processing principles stipulated in the Personal Data Protection Law No. 6698 (the "Law"). In accordance with these principles, SİMYA ECZA DEPOSU ensures transparency by informing personal data subjects. Personal data is processed and protected with the utmost responsibility and awareness by SİMYA ECZA DEPOSU, in line with the procedures and principles outlined in this Policy.
2.1. Purpose
The purpose of this Policy is to align SİMYA ECZA DEPOSU with the Law and ensure its effective implementation in all operations. In accordance with "ANNEX 1 - Personal Data Processing Purposes" below, SİMYA ECZA DEPOSU will take all necessary administrative and technical measures to process and protect personal data, establish internal procedures, and conduct training to raise awareness. Appropriate and effective control mechanisms will be established, and all necessary measures will be taken to ensure compliance with the Law's processes by shareholders, authorities, employees, and business partners.
2.2. Scope
This Policy covers all personal data processed by individuals other than SİMYA ECZA DEPOSU employees, whether automatically or non-automatically, as part of any data recording system. Information regarding personal data subjects is listed in the Policy annex "ANNEX 2 - Personal Data Subjects."
SİMYA ECZA DEPOSU handles the protection of employee personal data through the SİMYA ECZA DEPOSU SAN. TİC. A.Ş. Employee Personal Data Protection and Processing Policy, established within the framework of the principles outlined in this Policy.
2.3. Legal Basis
SİMYA ECZA DEPOSU will apply the relevant legislation in force regarding the processing and protection of personal data, as well as this Policy, which is in compliance with these regulations. In cases of conflict between the legislation in force and this Policy, the legislation in force shall prevail. The regulations stipulated by the relevant legislation are translated into SİMYA ECZA DEPOSU practices through this Policy.
3.1. Ensuring the Security of Personal Data
SİMYA ECZA DEPOSU takes the necessary measures, as stipulated in Article 12 of the Law, according to the nature of the data, to prevent the unlawful disclosure, access, transfer, or other security issues that may arise regarding personal data. SİMYA ECZA DEPOSU implements measures and conducts audits to ensure the required level of personal data security, in accordance with the guidelines published by the Personal Data Protection Board.
3.2. Protection of Special Categories of Personal Data
Special care is taken in implementing measures and conducting necessary audits for the protection of special categories of personal data, including information related to individuals' race, ethnic origin, political opinions, philosophical beliefs, religion, sect, or other beliefs, appearance, attire, association, foundation, or trade union membership, health, sexual life, criminal convictions, security measures, biometric and genetic data.
Detailed information regarding the processing of special categories of personal data is provided in Article 3.3 of this Policy.
3.3. Raising Awareness on Personal Data Protection and Processing
SİMYA ECZA DEPOSU provides the necessary training to relevant parties on the lawful processing of personal data, access to data, data retention, and the exercise of rights.
To enhance employees' awareness of personal data protection, SİMYA ECZA DEPOSU establishes the necessary work processes and seeks support from consultants when needed. Deficiencies encountered in practice and the outcomes of training sessions are evaluated by SİMYA ECZA DEPOSU management. New training sessions may be organized based on these evaluations and any changes in relevant legislation.
4.1. Lawful Processing of Personal Data
Personal data is processed in accordance with the law, adhering to the following principles:
iii. Processing for Specified, Explicit, and Legitimate Purposes: SİMYA ECZA DEPOSU processes personal data for specified, explicit, and legitimate purposes related to its business activities.
The purpose of SİMYA ECZA DEPOSU in processing personal data is to inform relevant individuals in accordance with Article 10 of the Law and other legislation, to process personal data based on at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, and in a limited manner, in compliance with the general principles set out in the Law, particularly the principles outlined in Article 4 of the Law.
SİMYA ECZA DEPOSU processes the personal data of its shareholders and authorities to fulfill legal obligations arising from the Turkish Commercial Code, Tax Procedure Law, Labor Law, and other relevant legislation.
SİMYA ECZA DEPOSU records the data of those conducting business with it to ensure compliance with established rules, to issue notices in case of breaches of obligations, to initiate enforcement and legal proceedings, and to take other measures if necessary. Personal data of branches is obtained through lease agreements, addendums, additional agreements, protocols, email correspondence, etc.
SİMYA ECZA DEPOSU records the information of suppliers providing goods/services to monitor their fulfillment of responsibilities and to ensure the orderly conduct of operations. Personal data of suppliers is obtained through emails sent and received as a result of communication with them, phone calls, business cards, and information shared on their websites.
SİMYA ECZA DEPOSU requests and processes the personal data of employees and prospective employees for the purpose of making social security registrations, completing mandatory documents in individuals' personnel files within the scope of the Labor Law and Occupational Health and Safety Law. This personal data is obtained through resumes and job application forms submitted with their explicit consent during the hiring and job application process, resume viewing methods offered by human resources software programs (such as Kariyer.net, LinkedIn) that provide candidate pool services, and answers given to questions asked during interviews with their consent.
SİMYA ECZA DEPOSU requests and processes personal data from individuals applying for jobs to communicate with them for interview purposes during the recruitment process and to determine whether their qualifications and experience match the open position for which recruitment will take place. The aforementioned personal data is obtained through the applicants' explicit consent by sending their resumes to the human resources department, answering questions asked with their consent during interviews, or through resume viewing methods offered by human resources software programs (such as Kariyer.net, LinkedIn) that publish job postings and provide candidate pool services.
SİMYA ECZA DEPOSU records the data of employees and authorized individuals of its business partners within the framework of the purposes for which the partnership was established.
Supplier personal data is recorded by SİMYA ECZA DEPOSU for the purpose of providing, auditing, and ensuring the necessary goods/services for fulfilling its commercial activities. This personal data is obtained through signed contracts, invoices sent, device delivery reports, email correspondence, communication established through phone and other means, and business cards.
SİMYA ECZA DEPOSU processes the information contained in complaint and request forms received to ensure service quality. Images of individuals recorded by SİMYA ECZA DEPOSU are obtained through 24/7 security camera footage.
Detailed information on the processed personal data categories can be found in the Policy annex "ANNEX 3 - Personal Data Categories," and detailed information on personal data processing purposes can be found in the Policy annex "ANNEX 1 - Personal Data Processing Purposes."
SİMYA ECZA DEPOSU retains personal data for the duration necessary to fulfill the processing purpose and in compliance with the minimum retention periods stipulated by relevant legislation. If a specific retention period is prescribed by law, SİMYA ECZA DEPOSU adheres to that period; otherwise, personal data is stored for the duration necessary to achieve the processing purpose. Upon reaching the end of the designated retention periods, personal data is destroyed through specified methods (deletion, destruction, or anonymization), in accordance with periodic destruction schedules or requests from data subjects.
7.1. Rights of Personal Data Subjects
Personal data subjects have the following rights:
7.2. Exercise of Rights by Personal Data Subjects
Personal data subjects can submit their requests regarding the rights listed in Article 7.1 to SİMYA ECZA DEPOSU through the methods determined by the Board. They can apply to SİMYA ECZA DEPOSU by filling out the "SİMYA ECZA DEPOSU Sanayi Ticaret Anonim Şirketi Data Subject Application Form," available at [geçersiz URL kaldırıldı].
7.3. SİMYA ECZA DEPOSU's Response to Applications
SİMYA ECZA DEPOSU will finalize applications submitted by personal data subjects in accordance with the Law and other relevant legislation. Requests submitted to SİMYA ECZA DEPOSU in a proper manner will be concluded as soon as possible and no later than 30 (thirty) days, free of charge. However, if the transaction incurs additional costs, a fee may be charged in accordance with the tariff determined by the Board.
7.4. SİMYA ECZA DEPOSU's Rejection of a Personal Data Subject's Application
SİMYA ECZA DEPOSU may reject the application of the applicant, stating the reasons, in the following cases:
The Board of Directors of SİMYA ECZA DEPOSU, as the data controller, is responsible for the implementation of the Law and this Policy. Department managers are responsible for the monitoring, coordination, and supervision of all related activities and transactions.
This Policy enters into force on 20/03/2021. Any changes to the Policy will be published on SİMYA ECZA DEPOSU's website (www.simyaecza.com) and made accessible to personal data subjects and relevant individuals. Policy changes take effect on the date they are announced.