1. PURPOSE AND SCOPE

This Confidentiality and Personal Data Protection Principles ("Principles") set out the principles adopted by Vateks Tekstil Sanayi ve Ticaret A.Ş , an affiliate of Tezman Holding A.Ş (hereinafter shall be referred to as the "Company" or “Data Controller”) regarding the protection of personal data, while establishing personal data protection principles and aiming at informing Visitors, Customers, Potential Customers, Suppliers, Third Parties and Online Visitors / Members (“Individuals Groups”) regarding processing of their personal data.

2. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

As the Company, we process your personal data in the capacity of Data Controller according to the following principles.

2.1 Processing in Compliance with Law and Principles of Honesty

Your personal data are processed in accordance with the principles which have been introduced by regulations, and the rule of general trust and honesty.

2.2 Ensuring that Personal Data are Accurate, and Up-To-Date, when Necessary

By taking your legitimate interests into consideration, periodical verifications and updates are made in order to ensure that the data processed are accurate and up-to-date, and the necessary measures are taken accordingly. In this context, systems for controlling the correctness of personal data and making necessary corrections are set up within the corporate body of the Company.

2.3 Processing for Specific, Clear and Legitimate Purposes

Your personal data are processed in accordance with clear, specific and legitimate data processing purposes.

2.4 Personal Data Being Relevant, Limited and Proportionate to their Purpose of Processing

Your personal data are processed proportionately to the extent necessary for achieving the envisaged purpose/purposes, and in a manner that is relevant and limited to the purpose, and we abstain from processing any personal data which are not related to achieving the purpose or which are not needed in that respect.

2.5 Retaining the Personal Data for the Period Stipulated in the Relevant Legislation or the Period Required for the Purpose of Processing Thereof

Your personal data are preserved only for the period prescribed in the relevant legislation or the period required for the purpose of processing thereof. In this context, first of all we identify whether a period is stipulated in the relevant legislation for the preservation of personal data, and if such a period is prescribed, we act in accordance with it, and if no such period is prescribed, we preserve the personal data for the period required for the purpose of processing thereof. In case of expiry of such period or in case the reasons requiring them to be processed cease to exist, provided there is no legal reason for allowing them to be processed for longer periods, your personal data are deleted, destroyed or anonymized in accordance with the Company’s Policy on Preservation and Destruction of Personal Data.

3. PERSONAL DATA PROCESSING CONDITIONS

Your personal data are processed by the Company in accordance with the following conditions.

3.1 Being Explicitly Stipulated by the Laws

Your personal data may be processed if it is explicitly required by the law to process such personal data.

3.2 Inability to Obtain Express Consent of the Relevant Person Due to Actual Impossibility

Where the relevant person cannot give his/her consent or his/her consent is deemed non-admissible due to actual impossibility, but his/her personal data must be processed in order to protect the life or body integrity of such person or any other person, then the personal data of such person may be processed.

3.3 Direct Relationship with Conclusion or Performance of a Contract

Where the processing of personal data belonging to the parties to a contract is necessary, such personal data may be processed provided that it is directly related to the conclusion or performance of the said contract.

3.4 Performance by COMPANY of its Legal Obligation

Your personal data may be processed, if the processing thereof is compulsory in order for us, as the Data Controller, to fulfill our legal obligations.

3.5 Personal Data that Became Public

If your personal data has been made public by you, we will be able to process them.

3.6 Obligation to Process Data for Securing or Protecting a Right

In case data processing is mandatory for securing, exercising or protecting a right, your personal data may be processed.

3.7 Processing of Data Based on Legitimate Interest

Your personal data may be processed if it is necessary based on legitimate interests of the Company.

3.8 Processing of the Data Based on Express Consent

Your personal data may be processed on the basis of express consent in cases where they cannot be processed based on any of the conditions specified in these principles.

4. CATEGORIZATION OF PERSONAL DATA

5. PURPOSE OF PROCESSING OF PERSONAL DATA

The Company may process personal data for the purposes set out below and based on the relevant individuals group, under the personal data processing conditions specified in Article 5 and 6 of the Law no. 6698.

5.1 CUSTOMERS

Personal data of customers may be processed according to the personal data processing conditions specified in Article 5 and 6 of the Law no. 6698, in order to carry out the necessary business and operational procedures for the benefit of the customers from the products and services offered by the Company; to monitor the performance of this contract, financial and accountancy affairs; to plan and execute customer relations management and customer satisfaction activity processes; to monitor the contract processes, customer’s requests and complaints; to plan and perform transfer processes; to plan data security processes; to establish, manage, audit and perform information technologies infrastructure.

5.2 POTENTIAL CUSTOMERS

Personal data of potential customers may be processed according to the personal data processing conditions specified in Article 5 and 6 of the Law no. 6698, in order to make the necessary efforts to plan and execute the activities necessary for customizing and marketing the products and services of the company in accordance with preferences, usage habits and needs of data subjects, and promote the company; carrying out the commercial activities of the Company and to carry out the related work processes; to carry out the necessary works and related business processes for ensuring that products and services offered by the Company can be benefited from; to plan and carry out the necessary activities for customization of the products and services to be offered by the Company and for their promotion; and to plan and execute customer relations management processes. 

5.3 VISITORS

The personal data of visitors may be processed according to the personal data processing conditions specified in Article 5 and 6 of the Law no. 6698, in order to ensure the safety of buildings, establishments and/or plants; to create and monitor the visitor records; to ensure the safety of fixtures and/or resources; to ensure the technical and commercial occupational safety, to ensure the safety of organizational operations; and to inform the authorized institutions and organizations.

5.4 THIRD PARTIES

The personal data of third parties may be processed according to the personal data processing conditions specified in Article 5 and 6 of the Law no. 6698, in order to carry outthe necessary business and operational procedures to benefit the customers from the products and services offered by the Company; to carry out the commercial activities of the Company and to execute the related work processes; to carry out the necessary works and related business processes for ensuring that products and services offered by the Company can be benefited from; to plan and execute the necessary activities for customizing the products and services to be offered by the Company and for their promotion; and to perform this contract.

5.5 SUPPLIERS / BUSINESS PARTNERS

Personal data of Suppliers / Business Partners may be processed according to the personal data processing conditions specified in Article 5 and 6 of the Law no. 6698, in order to carry out the necessary business and operational procedures to benefit the customers from the products and services offered by the Company; to carry out the commercial activities of the Company and to execute the related work processes; to carry out the necessary works and related business processes to ensure that products and services offered by the Company can be benefited from.

5.5 ONLINE VISITOR / MEMBER

Personal data of Online Visitors / Members may be processed according to the personal data processing conditions specified in Article 5 and 6 of the Law no. 6698, in order to carry out marketing analysis works, advertisement/campaign/promotion processes, communication works, to carry out product and service development works, and to fulfill legal obligations.

6. TRANSFER OF PERSONAL DATA

Your personal data may be transferred in a restricted manner to our domestic and overseas business partners, suppliers, affiliates, group companies, legally authorized public institutions and private persons, according to principles and objectives specified in Article 3 and 5 of these Principles personal data processing conditions and purposes specified in Article 8 and 9 of the Law no. 6698

7. METHOD OF AND LEGAL GROUNDS FOR COLLECTION OF PERSONAL DATA

Your personal data transmitted to the Company electronically are processed as follows based on the relevant individuals groups.

7.1 CUSTOMERS

The personal data of the Customers are processed by
automated means by obtaining such data directly from the person or third person as part of data recording system by using written and verbal data transmission tools in physical and electronic media according to the provisions of Article 5 of the Law no. 6698, “the processing of personal data belonging to the parties of a contract should be necessary, provided that these are directly related to the conclusion or performance of the said contract”, “data processing is mandatory for data controller’s fulfillment of its legal obligation”, “provided that it does not infringe the fundamental rights and freedoms of the relevant person, the data processing is mandatory for the legitimate interests of the data controller”

7.2 POTENTIAL CUSTOMERS

The personal data of the Potential Customers are processed by automated means by using written and verbal data transmission tools in physical and electronic media by obtaining such data directly from the persons or third parties as part of data recording system on the legal grounds that according to the stipulations of Article 5 of the Law no. 6698, “the personal data has been made public by the relevant person itself”, “data processing is mandatory for securing, exercising or protection of a right”, “provided that it does not infringe the fundamental rights and freedoms of the relevant person, the data processing is mandatory for the legitimate interests of the data controller”, and “data processing is mandatory for data controller’s fulfillment of its legal obligation”.

7.3 VISITORS

The personal data of the Visitors are processed by automated means by recording security footages with security cameras located at the entrance doors, external facade of the building, meeting rooms, activity rooms, dining rooms, cafeterias, waiting areas, parking area, elevators and floor corridor service areas on the legal grounds that, according to the provisions of Article 5 of the Law no. 6698, “data processing is mandatory for data controller’s fulfillment of its legal obligation”, “provided that it does not infringe the fundamental rights and freedoms of the data subject, the data processing is mandatory for the legitimate interests of the data controller”.

7.4 THIRD PARTIES

The personal data of Third Parties are processed by automated means by obtaining such data directly from the persons or third parties using written and verbal data transmission tools in physical or electronic media on the legal grounds that, according to the provisions of Article 5 of the Law no. 6698, “provided that it does not infringe the fundamental rights and freedoms of the data subject, the data processing is mandatory for the legitimate interests of the data controller” and according to the data processing conditions specified in article 6.

7.5 SUPPLIER / BUSINESS PARTNER

The personal data of the Suppliers / Business Partners are processed by automated means by obtaining such data directly from the person or third parties as part of data recording system by using written and verbal data transmission tools in physical and electronic media according to the stipulations of Article 5 of the Law no. 6698, “the processing of personal data belonging to the parties of a contract should be necessary, provided that these are directly related to the conclusion or performance of the said contract”, “data processing is mandatory for data controller’s fulfillment of its legal obligation”, “provided that it does not infringe the fundamental rights and freedoms of the relevant person, the data processing is mandatory for the legitimate interests of the data controller”.

7.6 ONLINE VISITOR / MEMBER

The personal data of the Online Visitors / Members are processed by automated means, under the Law No. 5651 on Regulation of Online Publications and Fighting Against Crimes Committed Through Such Publications, and on the legal grounds that, according to the provisions of Article 5 of the Law no. 6698, “provided that it does not infringe the fundamental rights and freedoms of the data subject, the data processing is mandatory for the legitimate interests of the data controller”, and “data processing is mandatory for data controller’s fulfillment of its legal obligation”.

8. SECURITY OF PERSONAL DATA

8.1 In order to ensure the safety of personal data and prevent unlawful processing thereof, the Company takes reasonable measures, which will prevent risks of unauthorized access, accidents and data losses, deliberate deletion of data or damages to data.

8.2 For prevention of access to personal data by the persons other than those who are authorized to access thereto, all the necessary technical and physical measures are taken. In this context, the authorization system in particular is designed in such a way that it will be impossible for anyone to access personal data to an extent which is more than required

8.3 The Company conducts and procures the performance of necessary audits within its own corporation or organization in order to ensure implementation of the provisions of the Law no. 6698.

9. UNDERTAKINGS WITH REGARDS TO THIRD PARTY PERSONAL DATA

The relevant Individuals Groups agree and consent to processing by the Company of their 3rd party personal data delivered by them to the Company.  The relevant Individuals Groups also undertake that they have performed the necessary information duties and have received the required consents with respect to the persons whose information has been transferred, and their information, pursuant to the Law No. 6698 on the Protection of Personal Data.  Otherwise, all damages to be incurred shall belong to the relevant Individuals Group.

10. APPLICATION PROCEDURES AND PRINCIPLES

As the data subject, you may submit an application in relation to your requests under article 11 of the Law No. 6698 ,in line with the procedures and principles provided in the Application Form for Protection of Personal Data found on the webpage www.vateks.com, by submitting a written application bearing wet signature in person or through the notary public to the address Piyalepaşa Bulvarı, No: 124, Kastel İş Merkezi D Blok K: 7, 34440 Kasımpaşa Istanbul and to the address kvkk@vateks.com by using mobile signature/e-signature. On a free-of-charge basis, the Company will accede to your request depending on the nature of the request within the shortest time possible, but no later than thirty days. However, in case the process requires any additional cost, the Company shall charge the fee specified by the Board of Protection of Personal Data.

We would like to emphasize your rights in this context as the relevant person that you have the right  

• To learn whether or not your personal data are being processed,
• To request information on the procedure, if your personal data have been processed,
• To obtain information on the purpose of processing Personal Data and find out whether personal data has been used as fit for the purpose;
• To obtain information about the third persons to whom personal data were communicated domestically or abroad,
• To request the correction of personal data that may have been incompletely or inaccurately processed;
• To request the deletion or destruction of personal data within the framework of the conditions set forth in the applicable legislation,
• To request notification of the procedures set out under the last two sub-paragraphs above to third parties to whom the personal data has been transferred,
• To object to the occurrence of a result which is detrimental to the person concerned as a result of analyzing the processed data exclusively through automatic systems; and
• To request indemnification for damages in the case that damages are sustained as a result of unlawful processing of personal data.