{"id":1645,"date":"2024-02-20T14:56:27","date_gmt":"2024-02-20T11:56:27","guid":{"rendered":"https:\/\/www.hurcelik.com.tr\/?page_id=1645"},"modified":"2024-03-21T23:17:28","modified_gmt":"2024-03-21T20:17:28","slug":"kisisel-verilerin-korunmasi-ve-islenme-politikasi","status":"publish","type":"page","link":"https:\/\/www.hurcelik.com.tr\/en\/kisisel-verilerin-korunmasi-ve-islenme-politikasi\/","title":{"rendered":"KVK and Processing Policy"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

Protection of Personal Data<\/strong>
As our company \"H\u00fcr \u00c7elik Sanayi ve D\u0131\u015f Ticaret A.\u015e.\", we would like to inform you in the most transparent way about the \"Law on the Protection of Personal Data\" regulated on personal data in order to protect your fundamental rights and freedoms and the ways your personal data are collected, the purposes of processing, legal reasons and your rights within the scope of this Law.
Law No. 6698 on the Protection of Personal Data (hereinafter referred to as the \"Law\") entered into force on 07 April 2016 and contains regulations on the processing of all kinds of information relating to identified or identifiable natural persons.
This H\u00fcr\u00e7elik Personal Data Protection and Processing Policy (\"Policy\") contains the statements and explanations of H\u00dcR\u00c7EL\u0130K regarding the processing of personal data of natural persons in the categories listed below by H\u00fcr \u00c7elik San. ve D\u0131\u015f Ticaret A.\u015e. (\"H\u00dcR \u00c7EL\u0130K\") within the scope of the Law. In this context, the application area of the Policy is the processing processes of personal data belonging to the following Data Subjects:
- Natural Customers (may be referred to as \"Customer\" or \"User\" for short)
- Corporate Customer Shareholders, Officers, Employees - Potential Customers (may be referred to as \"Potential Customer\" or \"Potential User\" for short) - Company Officers - Shareholders - Former Employees\/Retirees - Business Partner Shareholders, Officers, Employees - Supplier Shareholders, Officials, Employees - Employees - Employee Candidates, Interns and Trainee Candidates - Business Partner Candidates - Supplier Candidates - Visitors - Press - Third Parties This Policy may be updated from time to time in order to adapt to changing conditions and legislation.<\/p>\n\n\n\n

1. PURPOSE OF THE POLICY<\/strong>
H\u00fcr \u00c7elik Sanayi ve D\u0131\u015f Ticaret A.\u015e. is obliged to act in accordance with the legal legislation in force regarding the protection of personal data, especially the Constitution of the Republic of Turkey (hereinafter referred to as the \"Constitution\") and the Law No. 6698 on the Protection of Personal Data (hereinafter referred to as the \"Law\"), and H\u00dcR\u00c7EL\u0130K carries out the necessary work to operate in compliance with the said legal legislation and to protect personal data. Within the scope of these studies, Personal Data Protection and Processing Policy has been prepared by H\u00dcR\u00c7EL\u0130K. The definitions in the Policy are included in the annex of this Protocol (Annex-2). H\u00dcR\u00c7EL\u0130K undertakes to comply with national personal data protection regulations as part of its legal and social responsibility. This Policy includes H\u00dcR\u00c7EL\u0130K's statements and explanations regarding the protection and processing of personal data belonging to natural persons in the categories listed below by H\u00dcR\u00c7EL\u0130K within the scope of the Law and it is aimed to inform the persons related to these processes. H\u00dcR\u00c7EL\u0130K, which is the data controller in accordance with the Law and the relevant legislation, determines the basic principles adopted in the processing and protection of personal data, the administrative and technical measures taken for the protection of personal data, and the procedures and principles for determining the maximum period required for the purpose for which they are processed with this Policy. In this Policy, detailed explanations are given by H\u00dcR\u00c7EL\u0130K on which data are personal data, which personal data are stored, administrative and technical measures taken for the protection of personal data, and detailed explanations regarding the processing, storage, enlightening and informing the Relevant Persons, transferring and protecting personal data to third parties.<\/p>\n\n\n\n

2. SCOPE OF THE POLICY<\/strong>
This Policy H\u00dcR\u00c7EL\u0130K customers, potential customers, employees, employee candidates, interns, intern candidates, H\u00dcR\u00c7EL\u0130K shareholders, H\u00dcR\u00c7EL\u0130K shareholders and officials, visitors, employees, shareholders and officials of business partner companies \/ institutions, supplier shareholders, officials, It is related to all personal data of employees, shareholders of corporate customers, officials, employees, business partners and supplier candidates, former employees and retirees, press and third parties, which are processed automatically or non-automatically provided that they are part of any data recording system. H\u00dcR\u00c7EL\u0130K, which is the data controller in accordance with the Law and the relevant legislation, determines the basic principles adopted in the processing and protection of personal data, the procedures and principles regarding the administrative and technical measures taken regarding the protection of personal data with this Policy. The following assets that process and store personal data within H\u00dcR\u00c7EL\u0130K and all processes related to these assets are covered by this Policy; All printed or written documents containing personal data, documents, files, all applications containing personal data All databases containing personal data, In this context; It is related to the personal data of H\u00dcR\u00c7EL\u0130K customers, potential customers, employees, employee candidates, interns, intern candidates, H\u00dcR\u00c7EL\u0130K shareholders, officials, suppliers, supplier employees, supplier employees, H\u00dcR\u00c7EL\u0130K website, workplace visitors, business partnership institution employees, shareholders and officials and third parties, which are processed by non-automatic means, provided that they are fully or partially automated or part of any data recording system, and\/or collected within the scope of all legal data processing conditions stipulated by law. Anonymised and unidentifiable data, such as data that do not contain personal data obtained for statistical evaluations or studies, and data relating to legal entities are not considered personal data and data that cannot be attributed to a specific or identifiable person are not considered personal data and are not subject to this Policy. This Policy applies to H\u00dcR\u00c7EL\u0130K's real person customers as well as other real persons who do not have a specific framework agreement with H\u00dcR\u00c7EL\u0130K.<\/p>\n\n\n\n

3. PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA<\/strong>
H\u00dcR\u00c7EL\u0130K, as the data controller pursuant to Article 4 of the Law, acts in accordance with the following principles in the processing of personal data: - Compliance with the law and honesty rules: H\u00fcr\u00e7elik acts in accordance with the laws, secondary regulations and general principles of law in the processing of your personal data; attaches importance to processing personal data limited to the purpose of processing and taking into account the reasonable expectations of the Data Subjects. - Accuracy and timeliness: Data controllers should establish the necessary processes to ensure that the personal data they process are accurate and up-to-date. In this direction, H\u00dcR\u00c7EL\u0130K provides the opportunity for the Relevant Persons to update their data and takes the necessary measures to ensure the correct transfer of data to databases. - Processing for specific, explicit and legitimate purposes: Data controllers are obliged to inform the Data Subjects about the purposes of processing personal data in line with their disclosure obligations under the Law. In this direction, H\u00dcR\u00c7EL\u0130K, as the data controller, keeps data processing activities limited to specific and legitimate purposes and clearly informs the owners of the Relevant Person within the scope of the clarification texts regarding these purposes. Retention for the period stipulated in the relevant legislation or required for the relevant purpose: If a certain period is determined within the scope of the legislation in force, the data is kept for this period. If no such period is specified in the legislation, reasonable retention periods are determined by taking into account the purpose of data use and company procedures, and the data are kept limited to this period. Following the expiration of the aforementioned periods, the data are deleted, destroyed or anonymized in accordance with the company procedures.<\/p>\n\n\n\n

4. PURPOSES OF PROCESSING PERSONAL DATA BY H\u00dcR\u00c7EL\u0130K<\/strong>
Articles 5 and 6 of the Law set forth the conditions for the processing of personal data and sensitive personal data. \"Special categories of personal data\" are listed in a limited manner in the Law and include data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. While Article 5 of the Law determines the conditions for processing non-special categories of personal data, the conditions for processing special categories of personal data are regulated in Article 6 of the Law. In accordance with the regulation in Article 5 of the Law, as a rule, H\u00dcR\u00c7EL\u0130K processes Personal Data with the explicit consent of the Data Subject. However, pursuant to paragraph 2 of Article 5 of the Law; it is also possible to process Personal Data in cases where there is no explicit consent. Accordingly; Personal data can also be processed by H\u00dcR\u00c7EL\u0130K in the presence of one or more of the conditions written in the following paragraphs.\n\n However, pursuant to paragraph 2 of Article 5 of the Law; It is also possible to process Personal Data in the absence of explicit consent. Accordingly; Personal data can also be processed by H\u00dcR\u00c7EL\u0130K in the presence of one and \/ or more of the conditions written in the following paragraphs. Although the existence of only one of the conditions specified below is sufficient for personal data processing activity; more than one of the mentioned conditions may also be the basis of the same personal data processing activity. According to the aforementioned articles, non-special categories of personal data may be processed in the following cases: - Explicit consent of the Data Subject. - Data processing is explicitly stipulated by law. - It is mandatory to process the relevant data for the protection of the life or physical integrity of the person himself\/herself or of another person who is unable to disclose his\/her consent due to actual impossibility or whose consent is not legally valid. - Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract. - Data processing is mandatory for the data controller to fulfill its legal obligation. - Personal data has been made public by the data subject himself\/herself. - Data processing is mandatory for the establishment, exercise or protection of a right. - Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.<\/p>\n\n\n\n

5. PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA<\/strong>
5.1. Conditions for Processing Sensitive Personal Data<\/strong>
Personal data recorded as \"specially reserved\" within the scope of the Law due to the risk of causing discrimination or victimization of persons processed unlawfully are separately stated in this Policy due to these conditions. Storage of private personal data defined in the 1st paragraph of Article 6 of the Law is prohibited without the express consent of the Relevant Person, as specified in the 2nd paragraph of Article 6 of the Law. Paragraph 3 of Article 6 of the Law regulates the exceptions to this rule. By H\u00dcR\u00c7EL\u0130K; Personal data of private records are processed in accordance with the above-mentioned law article, with adequate maintenance to be determined by the Board. The law defines data regarding individuals' race, ethnic origin, political belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security practices, as well as biometric and genetic data as \"private parts\". \u201d or \u201csensitive\u201d personal data and more severe conditions are stipulated for their maintenance. Accordingly, special comprehensive personal data can only be processed in cases where there is no explicit consent from the data owner: \u2022 Explicit consent of the Relevant Person is obtained, \u2022 Data of private data (race, ethnic origin of persons, political data) except for data regarding health and sexual life. , loyalty, religious, sectarian or other beliefs, appearance and dress, members of an association, foundation or union, criminal conviction and security-related data and biometric and genetic data) defined it as \"special nature\" or \"sensitive\" personal data and stipulated more severe conditions for its processing. Accordingly, special personal data can only be processed under the following conditions, except for cases where explicit consent has been obtained from the data owner: \u2022 There is explicit consent of the Relevant Person, \u2022 Special personal data other than data regarding health and sexual life (race, ethnic origin, political Processing is foreseen by law in terms of opinion, philosophical belief, religion, sect or other beliefs, appearance and attire, association, foundation or union membership, data regarding criminal convictions and security measures, and biometric and genetic data), \u2022 In terms of data regarding health and sexual life processing by persons or authorized institutions and organizations under the obligation of confidentiality, for the purpose of protecting public health, preventive medicine, medical diagnosis, execution of treatment and care services, planning and management of health services and their financing. 5.2. Personal data regarding natural persons in the categories specified in Annex-1 are processed by H\u00dcR\u00c7EL\u0130K for the following purposes: H\u00dcR\u00c7EL\u0130K processes Personal Data in cases where consent is required, in accordance with Articles 5 and 6 of the Law, for the purposes stated below and similar purposes. is processed by obtaining the approval of the Relevant Person within the scope of legal legislation: \u2022 Personal and contact data: Name-surname, telephone, e-mail information are used for product sales, accounting transactions, financial transactions and communication purposes. \u2022 Camera recordings: Ensuring physical space security. 5.3. Apart from the data-based purposes stated above, it may process the personal data of the Relevant Person or third parties specified by the Relevant Person for various purposes, including but not limited to those stated below. \u2022 To organize all records and documents that will be the basis for the transaction in electronic or paper environment, \u2022 To provide information to public officials upon request and in accordance with the legislation regarding public security issues. To be able to provide information, \u2022 To fulfill our legal obligations and to exercise the rights arising from the current legislation, \u2022 To ensure security within the company and in warehouses \u2022 Planning, Control and Execution of Information Security Processes \u2022 Execution of Emergency Management Processes \u2022 Establishing and Managing Information Technologies Infrastructure \u2022 Fringe Benefits for Employees and Benefits Planning and Execution \u2022 Management of Application and Selection and Placement Processes for Employee Candidates and Interns \u2022 Fulfillment of Employment Contract and Legislation Obligations for Employees \u2022 Execution of Fringe Benefits and Benefits Processes for Employees \u2022 Conduct of Audit \/ Ethics \/ Training Activities \u2022 Planning of All Access Authorizations and Execution \u2022 Event Management \u2022 Follow-up of Finance and\/or Accounting Affairs \u2022 Conduct of Activities in Compliance with Legislation \u2022 Conduct of Commitment Processes for Company \/ Product \/ Services \u2022 Ensuring Physical Space Security \u2022 Execution of Assignment Processes \u2022 Follow-up and Execution of Legal Affairs \u2022 Internal Audit\/Investigation\/Intelligence Activities Execution \u2022 Conducting Communication Activities \u2022 Planning Human Resources Processes \u2022 Execution \/ Audit of Business Activities \u2022 Conducting Occupational Health \/ Safety Activities \u2022 Receiving and Evaluating Suggestions for Improvement of Business Processes \u2022 Execution of Business Continuity Ensuring Activities \u2022 Business Partners and\/or Planning and Execution of Suppliers' Access to Information \u2022 Management of Relationships with Business Partners and\/or Suppliers \u2022 Planning and Execution of Corporate Communication and Corporate Governance Activities \u2022 Ensuring the Security of Company Fixtures and\/or Resources \u2022 Ensuring that Company Activities are Conducted in Compliance with Company Procedures and\/or Relevant Legislation Planning and Execution of Operational Activities Necessary for \u2022 Ensuring the Security of Company Operations \u2022 Planning and\/or Execution of the Company's Financial Risk Processes \u2022 Planning and\/or Execution of the Company's Production and\/or Operational Risk Processes \u2022 Performing Corporate and Partnership Law Transactions \u2022 Contract Processes and\/or Legal Tracking of Demands \u2022 Planning and Execution of Supply Chain Management Processes \u2022 Planning and Execution of Production and\/or Operation Processes \u2022 Planning and Execution of Market Research Activities for the Sales and Marketing of Products and Services, \u2022 Purchasing, Marketing and\/or Sales Processes of Products and\/or Services Planning and Execution, \u2022 Execution of After-Sales Support Services of Products and\/or Services \u2022 Ensuring that Data is Accurate and Up-to-Date \u2022 Execution of Logistics Activities \u2022 Organization and Event Management \u2022 Conducting Marketing Analysis Studies \u2022 Conducting Performance Evaluation Processes \u2022 Execution of Risk Management Processes \u2022 Storage and Archive Execution of Activities \u2022 Execution of Contract Processes \u2022 Execution of Wage Policy \u2022 Ensuring the Security of Data Controller Operations \u2022 Execution of Investment Processes \u2022 Execution of Management Activities \u2022 Creation and Tracking of Visitor Records For detailed information regarding the personal data processing purposes in question, see ANNEX-3 (\u201cANNEX 3) of this Policy. - Personal Data Processing Purposes\u201d) section.<\/p>\n\n\n\n

6. TRANSFER OF PERSONAL DATA BY H\u00dcR\u00c7ELI\u0307K<\/strong>
6.1. General Conditions for Transfer<\/strong>
Article 8 of the Law makes a distinction regarding the transfer of personal data according to whether the data is \"personal data of special nature\" or not. According to the aforementioned article, non-special personal data may be transferred to third parties if one of the processing conditions specified in Sections 5.2 and 5.3 above is met. In this regard, personal data; \u2022 The Relevant Person has express consent, \u2022 Data processing is clearly prescribed by law, \u2022 It is mandatory to process the relevant data in order to protect the life or physical integrity of the person who is unable to express his consent due to actual impossibility or whose consent is not given legal validity, or the life or physical integrity of another person, \u2022 A contract It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of the contract, \u2022 Data processing is mandatory for the data controller to fulfill its legal obligation, \u2022 Personal data has been made public by the relevant person himself, \u2022 For the establishment, use or protection of a right. Data processing is mandatory, \u2022 Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned, and H\u00dcR\u00c7EL\u0130K may share it with persons outside its legal entities.
Kanun\u2019un 8. maddesi, \u00f6zel nitelikli ki\u015fisel veriler a\u00e7\u0131s\u0131ndan da B\u00f6l\u00fcm 5.1\u2019de belirtilen i\u015fleme \u015fartlar\u0131na at\u0131f yapm\u0131\u015f, ancak aktar\u0131m i\u00e7in ayr\u0131ca yeterli \u00f6nlemlerin al\u0131nm\u0131\u015f olmas\u0131n\u0131 \u00f6ng\u00f6rm\u00fc\u015ft\u00fcr. Buna g\u00f6re H\u00dcR\u00c7EL\u0130K taraf\u0131ndan \u00f6zel nitelikli ki\u015fisel veriler, \u2022 Sa\u011fl\u0131k ve cinsel hayata ili\u015fkin veriler d\u0131\u015f\u0131ndaki \u00f6zel nitelikli ki\u015fisel veriler (ki\u015filerin \u0131rk\u0131, etnik k\u00f6keni, siyasi d\u00fc\u015f\u00fcncesi, felsefi inanc\u0131, dini, mezhebi veya di\u011fer inan\u00e7lar\u0131, k\u0131l\u0131k ve k\u0131yafeti, dernek, vak\u0131f ya da sendika \u00fcyeli\u011fi, ceza mahk\u00fbmiyeti ve g\u00fcvenlik tedbirleriyle ilgili verileri ile biyometrik ve genetik verileri) a\u00e7\u0131s\u0131ndan i\u015flemenin kanunlarda \u00f6ng\u00f6r\u00fclmesi, ve \u2022 Sa\u011fl\u0131k ve cinsel hayata ili\u015fkin veriler a\u00e7\u0131s\u0131ndan kamu sa\u011fl\u0131\u011f\u0131n\u0131n korunmas\u0131, koruyucu hekimlik, t\u0131bb\u0131 te\u015fhis, tedavi ve bak\u0131m hizmetlerinin y\u00fcr\u00fct\u00fclmesi, sa\u011fl\u0131k hizmetleri ile finansman\u0131n\u0131n planlanmas\u0131 ve y\u00f6netimi amac\u0131yla, s\u0131r saklama y\u00fck\u00fcml\u00fcl\u00fc\u011f\u00fc alt\u0131nda bulunan ki\u015filer veya yetkili kurum ve kurulu\u015flar taraf\u0131ndan i\u015flenmesi, ama\u00e7lar\u0131na tabi olarak, her hal\u00fckarda yeterli \u00f6nlemlerin al\u0131nmas\u0131 sonras\u0131nda \u00fc\u00e7\u00fcnc\u00fc ki\u015filerle payla\u015f\u0131lmaktad\u0131r.
H\u00dcR\u00c7EL\u0130K may transfer personal data to the following categories of recipient groups in accordance with Articles 8 and 9 of the Law: - Legally Authorised Public Institution, - Legally Authorised Private Institution, - Business Partner, - Supplier shareholders and employees - H\u00dcR\u00c7EL\u0130K shareholders, employees - Direct\/indirect domestic\/foreign subsidiaries, - Program partner institutions and organisations with which we cooperate in order to carry out our activities, - Domestic\/foreign persons and institutions from which we receive data storage services in the cloud environment, - Contracted banks, - Domestic\/foreign related business partners
6.2. Transfer Abroad<\/strong>
Personal data is transferred abroad by H\u00dcR\u00c7EL\u0130K; \u2022 In case the Relevant Person has express consent, or \u2022 In cases where the Relevant Person does not have express consent, but one or more of the other conditions mentioned above are met; \u2022 If there is adequate protection in the country to which the data is transferred, or \u2022 If there is not sufficient protection in the country to which the data is transferred, it can be transferred provided that the relevant H\u00dcR\u00c7EL\u0130K undertakes adequate protection in writing together with the data controller in the relevant foreign country and the permission of the Personal Data Protection Board is obtained. In this context, it can be processed and stored on the servers and electronic media\/overseas servers\/cloud computing systems used.<\/p>\n\n\n\n

7. PERSONAL DATA PROCESSED BY H\u00dcR\u00c7ELI\u0307K<\/strong>
The categories of Personal Data processed by H\u00dcR\u00c7EL\u0130K are included in Annex-1.<\/p>\n\n\n\n

8. PROCEDURE FOR PROCESSING PERSONAL DATA BY H\u00dcR\u00c7ELI\u0307K<\/strong>
8.1. As stipulated in the Law, during the collection of personal data, H\u00dcR\u00c7EL\u0130K informs the Relevant Persons about the purpose for which it processes personal data as the data controller, to whom and for what purposes it can transfer the processed personal data, the personal data collection method and legal reason, and the rights of the Relevant Person. 8.2. If any process requires explicit consent in accordance with the Law, express consent is obtained from the Relevant Person after the above-mentioned information is provided by H\u00dcR\u00c7EL\u0130K.<\/p>\n\n\n\n

9. STORAGE AND DESTRUCTION OF PERSONAL DATA BY H\u00dcR\u00c7ELI\u0307K<\/strong>
9.1. When determining the storage period of personal data, H\u00dcR\u00c7EL\u0130K takes into consideration the legislation in force and the purposes of processing the data subject to the process. In any case, H\u00dcR\u00c7EL\u0130K determines the retention periods in the light of its legal obligations and relevant statute of limitations. 9.2. In accordance with the obligation to delete, destroy or anonymise personal data stipulated in the Turkish Penal Code, the Law and other relevant legislation, although H\u00dcR\u00c7EL\u0130K has processed it in accordance with the Law and other legislation, in case the purpose of data processing is eliminated, personal data shall be transferred to H\u00dcR\u00c7EL\u0130K. It is deleted, destroyed or anonymized based on the decision made by you or the request of the personal data owner.<\/p>\n\n\n\n

ENSURING THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA<\/strong>
H\u00dcR\u00c7EL\u0130K takes all necessary precautions, within the limits of possibility, depending on the nature of the data to be protected, in order to prevent unlawful disclosure, access, transfer of personal data or security deficiencies that may occur in other ways. In this context, all necessary (i) administrative and (ii) technical measures are taken by H\u00dcR\u00c7EL\u0130K, (iii) an audit system is established within H\u00dcR\u00c7EL\u0130K and (iv) in case of illegal disclosure of personal data, actions are taken in accordance with the measures stipulate<\/p>\n\n\n\n

9.3. Administrative Measures Taken by H\u00dcR\u00c7EL\u0130K to Ensure the Processing of Personal Data in accordance with the Law and to Prevent Unlawful Access to Personal Data:<\/strong>
There are disciplinary regulations for employees that include data security provisions. \u2022 Training and awareness activities are carried out at regular intervals for employees regarding data security. \u2022 An authority matrix has been created for employees. \u2022 Corporate policies on access, information security, use, storage and destruction have been prepared and implemented. \u2022 Confidentiality commitments are made. \u2022 The authorities of employees who change their duties or leave their jobs in this area are removed. \u2022 Signed contracts contain data security provisions. \u2022 Extra security measures are taken for personal data transferred via paper and the relevant documents are sent in confidential document format. \u2022 Personal data security policies and procedures have been determined. \u2022 Personal data security issues are reported quickly. \u2022 Personal data security is monitored. \u2022 Necessary security measures are taken regarding entry and exit to physical environments containing personal data. \u2022 Physical environments containing personal data are secured against external risks (fire, flood, etc.). \u2022 The security of environments containing personal data is ensured. \u2022 Personal data is reduced as much as possible. \u2022 Periodic and\/or random audits are carried out within the institution. \u2022 Protocols and procedures for the security of special personal data have been determined and implemented. \u2022 Data processing service providers are made aware of data security.<\/p>\n\n\n\n

9.4. Technical Measures Taken by H\u00dcR\u00c7EL\u0130K to Ensure the Lawful Processing of Personal Data and to Prevent Unlawful Access to Personal Data:<\/strong>
\u2022 Regarding the processing and protection of personal data by H\u00dcR\u00c7EL\u0130K, technical measures are taken to the extent technology allows, and the measures taken are updated and improved in parallel with the developments. \u2022 Network security and application security are ensured. \u2022 A closed system network is used for personal data transfer via the network. \u2022 Key management is implemented. \u2022 Security measures are taken within the scope of information technology systems procurement, development and maintenance. \u2022 Access logs are kept regularly. \u2022 Data masking measures are applied when necessary. \u2022 Up-to-date anti-virus systems are used. \u2022 Firewalls are used. \u2022 Personal data is backed up and the security of the backed up personal data is ensured. \u2022 User account management and authorization control system is implemented and these are also monitored. \u2022 Periodic and\/or random audits are carried out within the institution. \u2022 Log records are kept without user intervention. \u2022 Current risks and threats have been identified. \u2022 Intrusion detection and prevention systems are used. \u2022 Penetration testing is applied. \u2022 Cyber \u200b\u200bsecurity measures have been taken and their implementation is constantly monitored. \u2022 Encryption is done. \u2022 Sensitive personal data transferred on removable memory, CD, DVD media is encrypted. \u2022 Data loss prevention software is used. 9.5. Methods to be Applied and Measures to be Taken in Case of Unlawful Disclosure of Personal Data Within the scope of personal data processing activities carried out by H\u00dcR\u00c7EL\u0130K, in case personal data is obtained by unauthorized persons unlawfully, the situation will be reported to the Board and Relevant Persons without delay.<\/p>\n\n\n\n

10. CLARIFICATION OF RELATED PERSONS<\/strong>
In accordance with Article 10 of the Law, H\u00dcR\u00c7EL\u0130K informs the Relevant Person during the acquisition of personal data. In this context, it clarifies the identity of H\u00dcR\u00c7EL\u0130K and its representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the rights of the Relevant Person. T.R. Article 20 of the Constitution states that everyone has the right to be informed about their personal data. In this regard, Article 11 of the Law includes the right to \"request information\" among the rights of the personal data owner. In this context, H\u00dcR\u00c7EL\u0130K, T.R. In accordance with Article 20 of the Constitution and Article 11 of the Law, it provides the necessary information if the Relevant Person requests information. Detailed information about the rights of the Relevant Person is included in section 12.1 of this Policy (\u201cRights of the Relevant Person\u201d).<\/p>\n\n\n\n

11. RIGHTS OF THE RELATED PERSON AND THE USE OF THESE RIGHTS<\/strong>
11.1. Rights of the Relevant Person<\/strong>
Ki\u015fisel Veri\u2019lere ili\u015fkin olarak Kanun\u2019un 11. Maddesi uyar\u0131nca \u0130lgili Ki\u015fi\u2019nin H\u00dcR\u00c7EL\u0130K\u2019ten talep edebilece\u011fi yasal haklar a\u015fa\u011f\u0131da say\u0131lmaktad\u0131r: (1) Ki\u015fisel verilerinin i\u015flenip i\u015flenmedi\u011fini \u00f6\u011frenme, (2) Ki\u015fisel verileri i\u015flenmi\u015fse buna ili\u015fkin bilgi talep etme, (3) Ki\u015fisel verilerinin i\u015flenme amac\u0131n\u0131 ve bunlar\u0131n amac\u0131na uygun kullan\u0131l\u0131p kullan\u0131lmad\u0131\u011f\u0131n\u0131 \u00f6\u011frenme, (4) Ki\u015fisel verilerinin yurt i\u00e7inde veya yurt d\u0131\u015f\u0131nda aktar\u0131ld\u0131\u011f\u0131 \u00fc\u00e7\u00fcnc\u00fc ki\u015fileri \u00f6\u011frenme, (5) Ki\u015fisel verilerinin eksik veya yanl\u0131\u015f i\u015flenmi\u015f olmas\u0131 halinde bunlar\u0131n d\u00fczeltilmesini isteme ve bu kapsamda yap\u0131lan i\u015flemin ki\u015fisel verilerinin aktar\u0131ld\u0131\u011f\u0131 \u00fc\u00e7\u00fcnc\u00fc ki\u015filere bildirilmesini isteme, (6) Kanun ve ilgili di\u011fer kanun h\u00fck\u00fcmlerine uygun olarak i\u015flenmi\u015f olmas\u0131na ra\u011fmen, i\u015flenmesini gerektiren sebeplerin ortadan kalkmas\u0131 halinde ki\u015fisel verilerinin silinmesini veya yok edilmesini isteme ve bu kapsamda yap\u0131lan i\u015flemin ki\u015fisel verilerinin aktar\u0131ld\u0131\u011f\u0131 \u00fc\u00e7\u00fcnc\u00fc ki\u015filere bildirilmesini isteme, (7) \u0130\u015flenen verilerinin m\u00fcnhas\u0131ran otomatik sistemler vas\u0131tas\u0131yla analiz edilmesi suretiyle aleyhine bir sonucun ortaya \u00e7\u0131kmas\u0131na itiraz etme, (8) Ki\u015fisel verilerinin kanuna ayk\u0131r\u0131 olarak i\u015flenmesi sebebiyle zarara u\u011framas\u0131 halinde zarar\u0131n giderilmesini talep etme.<\/p>\n\n\n\n

11.2. Situations in which the Relevant Person Cannot Assert His Rights<\/strong>
In the cases listed in Article 28 of the Law, the Relevant Person will not be able to assert the rights listed in section 12.1 (\u201cRights of the Relevant Person\u201d). Because these situations are excluded from the scope of data protection specified in the Law. Within the scope of the said article, the following cases are listed: (1) Processing of personal data for purposes such as research, planning and statistics by anonymising them with official statistics, (2) Personal data is processed entirely by real persons, provided that they are not given to third parties and obligations regarding data security are complied with. or processing within the scope of activities related to family members living in the same residence. (3) Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime, (4) Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defence, national security, public security, public order or economic security, (5) Investigation, prosecution of personal data processing by judicial authorities or enforcement authorities regarding trial or execution proceedings. Pursuant to the 2nd paragraph of Article 28 of the Law, the Relevant Person cannot assert other rights listed in section 12.1 (\u201cRights of the Relevant Person\u201d), except for the right to request compensation for the damage in the cases listed below: (1) Personal data processing It is necessary for the prevention of crime or criminal investigation, (2) Processing of personal data made public by the personal data owner, (3) Processing of personal data is carried out by authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions, based on the authority granted by the law, and their supervisory or regulatory duties. (4) Personal data processing is necessary to protect the economic and financial interests of the state regarding budget, tax and financial matters.<\/p>\n\n\n\n

11.3. Relevant Person's Exercise of His Rights<\/strong>
The Relevant Person may submit his\/her requests regarding the rights numbered in section 12.1 (\u201cRights of the Relevant Person\u201d) of this Policy by filling out the \u201cH\u00fcr \u00c7elik Sanayi ve D\u0131\u015f Ticaret Anonim \u015eirketi Relevant Person Application Form\u201d; \u2013 a wet signed copy; by hand, through a notary, by registered letter to \u201cPelitli Mah. 4417. Sokak, No:30, Gebze-Kocaeli\" or - By scanning the form and signing it with the secure electronic signature issued within the scope of the Electronic Signature Law No. 5070 and sending it via registered e-mail to hurcelik@hs03.kep.tr] or - By scanning the form The Data Controller has the right to send an e-mail to the e-mail address kvkk@hurcelik.com using the e-mail address registered in the Data Controller's system or to H\u00dcR\u00c7EL\u0130K by following another method prescribed by the Personal Data Protection Board. In order for third parties to request an application on behalf of the Relevant Person, the Relevant Person must have a special power of attorney issued through a notary on behalf of the person who will apply.<\/p>\n\n\n\n

11.4. H\u00dcR\u00c7EL\u0130K's Response to the Applications<\/strong>
H\u00dcR\u00c7EL\u0130K takes all necessary administrative and technical measures to finalise the applications to be made by the Relevant Person in accordance with the effective, law and honesty rule. H\u00dcR\u00c7EL\u0130K has the right to accept the applications of the Relevant Person, as well as the right not to accept them, provided that the reason is explained. H\u00dcR\u00c7EL\u0130K may notify the relevant response to the Relevant Person in writing or electronically. In the event that the Relevant Person submits his\/her request regarding the rights under section 12.1 (\"Rights of the Relevant Person\") to H\u00dcR\u00c7EL\u0130K in accordance with the procedures referred to in section 12.3 (\"Exercise of Rights by the Relevant Person\"), H\u00dcR\u00c7EL\u0130K shall finalise the request free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee specified below may be charged. If H\u00dcR\u00c7EL\u0130K will respond to the application of the Relevant Person in writing, no fee will be charged up to ten pages, but for each page above ten pages, 1,00-TL (one Turkish Lira) transaction fee may be charged as specified in the Law and other relevant legislation.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Click here to read the entire document ( PDF )<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

H\u00fcr \u00c7elik San ve D\u0131\u015f Tic. A.\u015e. Contact Person Application Form<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

Ki\u015fisel Verilerin Korunmas\u0131\u015eirketimiz \u201cH\u00fcr \u00c7elik Sanayi ve D\u0131\u015f Ticaret A.\u015e.\u201d olarak; temel hak ve \u00f6zg\u00fcrl\u00fcklerinin korunmas\u0131 amac\u0131yla, ki\u015fisel verilerle ilgili d\u00fczenlenen “Ki\u015fisel […]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1645","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.hurcelik.com.tr\/en\/wp-json\/wp\/v2\/pages\/1645","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hurcelik.com.tr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.hurcelik.com.tr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.hurcelik.com.tr\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hurcelik.com.tr\/en\/wp-json\/wp\/v2\/comments?post=1645"}],"version-history":[{"count":0,"href":"https:\/\/www.hurcelik.com.tr\/en\/wp-json\/wp\/v2\/pages\/1645\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.hurcelik.com.tr\/en\/wp-json\/wp\/v2\/media?parent=1645"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}