Protection of Personal Data
INFORMATION ON CONFIDENTIALITY AND THE PROTECTION OF PERSONAL DATA
İzmir Demir Çelik Sanayi A.Ş. (İDÇ) gives the utmost attention to protecting the basic rights and freedoms of people, especially the confidentiality of private life as regulated by Constitution article 20. In this scope, the company is careful to protect and process personal data according to law and observes this approach in all planning and operations.
İDÇ. Does not consider the protection and processing of personal data, which is the fundamental element of privacy, only in the scope of complying with legislation, but also places how the company values people at the heart of this approach. Operating on this awareness, İDÇ takes all necessary administrative and technical measures to ensure the secure storage of personal data and prevent illegal processing of this data.
Information on the conditions for processing and transmitting personal data produced or shared in the process of using the www.izdemir.com.tr website in accordance with No 6698 Law on the Protection of Personal Data are provided below.
DEFINITIONS
WEBSITE: the website located at www.izdemir.com.tr.
LAW: No 6698 Law on the Protection of Personal Data
PERSONAL DATA: Any kind of information belonging to identified or identifiable real individuals.
ONLINE VISITOR/CONCERNED PERSON: All real individuals who access the Website. In the scope of Visitor individuals group in the relevant company policies.
BOARD: Personal Data Protection Board
COMPANY: İzmir Demir Çelik Sanayi A.Ş.
DOMAIN PROVIDER: The real individuals or legal entities that provide systems holding services and content on the internet.
THE PERSONAL DATA THAT IS PROCESSED
The personal data that is processed in connection with the Online Visitor’s access to the website and the transactions they carry out there are provided below:
For online visitors that visit the website,
- Transaction Security Information (IP address, website traffic information, etc.)
For online visitors that fill out the forms on the website,
- Identification Information (name, surname)
- Contact Information (e-mail address, telephone number, etc.)
It is also possible for data other than those specified above to be processed in compliance with the law as required to operate, develop and secure the website.
THE METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA
Personal data is collected through the use of the website and filling out the contact forms by both automatic and somewhat automatic means to be kept as long as is needed for the purposes of processing.
Personal data is processed based on the clear consent of the online visitors. Also, personal data may be processed based on one of the following legal reasons:
" if it is set forth in laws as stated in Article 5 clause 2 of the Personal Data Law " if it is required in order for a data controller to fulfill their legal obligations
" if data processing it is required in order for a right to be facilitated, exercised or protected " if processing data is required for the legitimate interests of the data controller, on the condition of not harming the fundamental rights and freedoms of the data owner.
THE PURPOSES OF PROCESSING PERSONAL DATA
If it is clearly set forth in laws or in the framework of other conditions specified in Article 5 clause 2 of the Law, in connection with the transactions the online visitor carries out on the website;
If the “Identification and contact information” form is filled out, for the purposes of conducting/auditing business operations, conducting customer relations management processes, tracking demands/complaints and conducting communications in this scope,
“Website traffic information” is processed for the purpose of conducting information security procedures. On the other hand, per Law 5651 and various legislation, the Domain Provider is obligated to record and store website traffic information.
The processing of personal data for the purposes of sending commercial electronic transmissions is subject to the visitor’s clear consent.
Third party cookies are not used on the website. However, cookies that are required for the operation and security of the website may be used. You may reject cookies or set up a warning mechanism by changing the browser settings. When the use of cookies is stopped some of the website’s functions may not work properly.
There is information available on the following links providing information about how some commonly used cookies can be managed:
- Chrome browser: https://support.google.com/accounts/answer/61416?hl=tr
- Internet explorer: https://support.microsoft.com/tr-tr/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox: https://support.mozilla.org/tr/products/firefox/protect-your-privacy/cookies
- Safari: https://support.apple.com/tr-tr/guide/safari/manage-cookies-and-website-data-sfri11471/mac
TO WHOM AND FOR WHAT REASON PROCESSED DATA MAY BE TRANSMITTED
If one of the conditions specified in the Law’s Article 5 clause 3 is present, to be limited to the purposes stated in article four of this content, personal data may be transmitted to İDÇ group companies, affiliated partnerships, affiliations, suppliers, business partners and authorized public agencies and organizations in the framework of the conditions specified in articles 8 and 9 of the Law, provided that the necessary security measures have been taken.
If one of the conditions specified in the Law’s Article 5 clause 3 is not present the transmission of Personal Data is subject to the online visitor’s clear consent.
RIGHTS OF THE DATA OWNER PER ARTICLE 11 OF THE LAW
Per article 10 of the Law, İDÇ informs the data owner about their rights, guides them on how to exercise these rights and provides all the internal operations and administrative and technical arrangements necessary thereof.
Per article 11 of the Law personal data owners have the right to
- Find out whether or not their personal data is being processed
- If personal data is being processed, request information about this
- Find out the purpose for processing personal data and whether or not it is being used accordingly
- Learn the third parties personal data is being transmitted to in the country and abroad
- If the personal data has been processed incompletely or incorrectly, ask for it to be corrected
- Ask for personal data to be deleted or removed in the framework of the Law’s article 7
- Ask for processes done per clauses (d) and (e) of article 11 under the Law (correction or deletion of data) to be notified to the third parties personal data has been transmitted to
- To object to a result that emerges against them from the analysis of processed data exclusively by automatic systems
- To demand reparation of damages suffered due to unlawful processing of personal data.
Requests and applications concerning the application of the Law can be submitted directly in writing by filling out the Personal Data Owner Application form and addressing it to Şair Eşref Bulvarı No:23 Kat:2 Çankaya, Konak Izmir or through a notary or by registered electronic mail (REM) address izdemir@hs03.kep.tr in electronic format by using and electronic signature or mobile signature.
Requests and applications may be submitted by the data owner to İDÇ at kvk@izdemir.com.tr if they have an electronic mail address that has previously been notified and is on the İDÇ system.
It is required that the following be included in requests and applications:
- Name, surname and signature if the application is in writing
- T.R. Identification number for Republic of Turkey citizens, nationality, passport number or identification number, if any, for foreigners
- Domicile or workplace address that is the basis for notification
- Electronic mail address, telephone or fax that is the basis for notification, if any
- Electronic mail address, telephone or fax that is the basis for notification, if any
- is required.
Information and documents relevant to the matters must be attached.
İDÇ shall handle the requests in the applications as soon as possible according to the nature of the request, and within thirty days at the latest, free of charge. However, if the process in question requires and additional cost, a fee determined by the Board may be charged.
İDÇ may accept the request as well as reject it, explaining the reason, and notifies the concerned party their response in writing or in electronic format. If the request that is included in the application is accepted, İDÇ shall take the necessary action as soon as possible and notify the concerned party. If the application is the result of İDÇ’s error, the fee that has been charged will be refunded to the owner.
In cases where the application is rejected, the response received is found to be insufficient or the application is not responded to in the allowed time period, the data owner shall have the right to submit a complaint to the board thirty days as of the date they receive a response and within sixty days in any case.
SECURITY OF DATA
İDÇ is in the position of preventing the illegal processing of personal data and illegal access to personal data, of ensuring personal data is protected and of taking all administrative and technical measures to ensure a proper level of security.
If there are links to other website or applications from the website, İDÇ is not informed about whether these websites and applications comply with the legislation on personal data and does not undertake any responsibility concerning their confidentiality policies and content.
By using the website, the online visitor declares that they have read all the terms and conditions written in this disclosure and have been informed about the processing of personal data.