General Information on Your Right to Apply

Pursuant to Article 11 of the Law No. 6698 on the Protection of Personal Data (“Law No. 6698”), as a data subject, you may apply to SVR Sever Makine San. ve Tic. A.Ş. (“company”) and make the following requests:

(1) To learn whether your personal data is being processed,

(2) To request information if your personal data has been processed,

(3) To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,

(4) To learn the third parties to whom your personal data are transferred domestically or abroad,

(5) To request correction of your personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,

(6) Although it has been processed in accordance with the provisions of Law No. 6698 and other relevant laws, to request the deletion, destruction or anonymization of your personal data in the event that the reasons requiring its processing disappear and to request that the transaction made within this scope be notified to third parties to whom personal data is transferred,

(7) To object to the emergence of a result against you by analyzing your processed data exclusively through automated systems,

(8) To request the compensation of the damage in case you suffer damage due to unlawful processing of your personal data.

Based on Article 13 of the Law No. 6698, our Company will respond to your application with the nature of the request.

Application Method

In accordance with Article 13 of the Law No. 6698 and Article 5 of the Communiqué on the Procedures and Principles of Application to the Data Controller, you can submit your requests within the scope of your rights herein to our Company in writing or by using your registered electronic mail (KEP) address, secure electronic signature, mobile signature or your e-mail address that you have previously notified to our Company and registered in our system.

The following explanations should be noted during the application by the Data Subject

APPLICATION METHOD Application in Writing Application via Registered Electronic Mail (KEP) Application via Electronic Mail Address in our system Application via Fax

APPLICATION ADDRESS

INFORMATION TO BE SHOWN IN THE APPLICATION “Information Request within the Scope of the Law on the Protection of Personal Data” will be written on the envelope/notification. “Personal Data Protection Law Information Request” will be written in the subject section of the e-mail. “Personal Data Protection Law Information Request” will be written in the subject section of the e-mail. “Information Request under the Law on the Protection of Personal Data” will be written on the request.

Identity and Contact Information

Please fill in the fields below so that we can contact you and verify your identity.

Name-Surname :

T.R. Identity Number /

Passport Number for Citizens of Other Countries

Residential Address for Notification /

Workplace Address

Telephone Number

Fax Number

Email Address

Your relationship with our company :

Service recipient Employee/intern

Former employee Supplier of goods and services

Visitor Other

Request Subject

Please write your request regarding your personal data clearly below. Information and documents regarding your request should be attached to your application. In this context, we can support you faster if you can specify the departments you have contacted within our Company while writing your request.

In line with the requests I have stated above, I kindly request that my application to our Company be evaluated in accordance with Article 13 of Law No. 6698 and that I be informed.

 

I hereby declare and undertake that the information and documents I have provided to you in this application are correct and up-to-date, that your company may request additional information in order to finalize my application and that I have been informed that I may have to pay the fee determined by the Personal Data Protection Board if it requires an additional cost.

I would like the response to be sent to the postal address I provided in section 3.

I want the response to be sent to my e-mail address provided in section 3.

I would like the response to be sent to the fax number I provided in section 3.

Applicant Relevant Person (Data Subject)

Name Surname :

Application Date :

Signature :

SVR SEVER MAKİNE SAN. VE TİC. A.Ş WITHIN THE SCOPE OF THE LAW ON THE PROTECTION OF PERSONAL DATA NUMBERED 6698

CLARIFICATION TEXT

Pursuant to the provisions of the Law No. 6698 on the Protection of Personal Data (KVKK), any information that makes your identity specific or identifiable will be processed as “Personal Data” by SVR SEVER MAKİNE SAN. VE TİC. A.Ş. as the Data Controller within the following scope. “Processing of Your Personal Data” refers to all kinds of operations performed on the data such as obtaining, recording, storing, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of such data.

 

As SVR SEVER MAKİNE SAN. VE TİC. A.Ş., we would like to state that we continue our activities with the awareness that the security of your personal data is at the forefront in our services we offer to you by giving the highest level of importance to the security of your personal data.

Our basic principle is to protect the privacy of your private life and fundamental rights and freedoms during the use of your personal data in our services.

 

Purposes and Legal Reasons for Processing Your Personal Data

 

To record your identity information, address, telephone number, tax number and other information, which are considered as personal data within the scope of KVKK, in order to be used in the services to be provided to you within the scope of the law and relevant legislation to which our institution is affiliated, to perform our Company services, to determine the owner and addressee of all kinds of business and transactions within this scope, To organize the information and documents that will be the basis for the works and transactions to be carried out on paper or electronically, to comply with the information storage, reporting and information obligations stipulated to all judicial and administrative authorities in accordance with the relevant legislation, to fulfill our services within the scope of the laws we are affiliated with, to provide other services offered or requested by our Institution.

 

In addition, under the heading “Conditions for processing personal data” of the Law, the conditions that make it possible to process personal data without seeking the explicit consent of the data subject are listed as follows

1. a) It is clearly stipulated in the laws.
2. b) It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid.
3. c) It is necessary to process personal data belonging to the parties of a contract, provided that it is directly related to the establishment or performance of a contract.

ç) It is mandatory for the data controller to fulfill its legal obligation.

1. d) It has been made public by the data subject himself/herself.
2. e) Data processing is mandatory for the establishment, exercise or protection of a right.
3. f) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

 

Transfer of Your Personal Data

Your personal data held by our Company may be transferred to persons, institutions and/or organizations required/permitted by the provisions of the law, other laws and other legislation to which we are affiliated; universities, public institutions and third parties from which we receive services to carry out our Company activities in order to carry out the services provided to citizens, within the scope of the applicable laws or by obtaining approval from the company management, within the framework of legal restrictions.

 

Method of Collection of Personal Data

Your personal data is collected by various methods, verbally, in writing or electronically, through all declarations/information forms and other documents regarding the Company’s transactions issued with your consent and/or signature in accordance with the Law and other relevant legislation, through notifications you will make with your electronic consent and/or signature, through channels such as our Institution, local service units, Web Pages, Mobile Applications, Call Center.

 

Your rights under Article 11 of the Law

Your personal data by applying to our organization;

1. a) To find out whether it has been processed or not,
2. b) Request information if processed,
3. c) Learning the purpose of processing and whether it is used in accordance with its purpose,
4. d) Knowing the 3rd parties to whom it is transferred domestically/overseas,
5. e) Requesting correction if incomplete/incorrect,
6. f) To request deletion/destruction within the framework of the conditions stipulated in Article 7 of the KVKK,
7. g) Request notification of the transactions made pursuant to Articles (e) and (f) to third parties to whom personal data are transferred,
8. h) Object to the occurrence of a result to your detriment due to analysis exclusively by automated systems,
9. i) If you suffer damage due to unlawful processing, you have the right to demand compensation for your damage.

 

Pursuant to paragraph 1 of Article 13 of the KVK Law, you can submit your request to exercise your rights mentioned above to our Institution in writing or via KEP with electronic signature. In this context, the channels and procedures you will submit your written application to our Institution within the scope of Article 11 of the KVK Law are explained below.

 

In order to exercise your rights mentioned above, you can fill out the form at www……………………………………………….tr and send a signed copy of the form to ………………………… ………………………… in person with documents identifying your identity, send it through a notary public or send the relevant form to …………………………………..@hs01.kep.tradresine with a secure electronic signature.

 

The data controller to whom you can apply within the scope of the Law

 

SVR SEVER MAKI SAN. VE TİC. A.Ş

…………………………………….. (Address)

This Cookie Policy (hereinafter referred to as the Policy within the scope of this text); It concerns the website operated by Sever Makine; It contains explanations regarding Sever Makine’s use of cookies. By accepting the information regarding the cookie policy in the “banner” or “pop up” that appears while using our site, you consent to the processing and use of cookies as specified in this Policy.

 

Who Sends Cookies and How?

 

Cookies are sent by Sever Machine and/or, *if the visited page provides some content such as videos or photos, by third parties and through the communication established between the browser (such as Google Chrome, Safari, etc.) on your device during your browsing and the servers of the above-mentioned organization.

 

For what purpose are cookies used?

 

Cookies are used for many different purposes. For example, cookies are mostly used for the following purposes:

 

Translated with DeepL.com (free version)

 

 

Proper functioning of the website (e.g. the presence of content such as text, photos, links in the relevant places)

Providing a more personalized and engaging experience for visitors (e.g. offering services tailored to your preferences)

Improving and optimizing the website (e.g., making pages that have errors or are not preferred functional); and

Remembering visitors’ preferences (for example, the information you enter when logging in to our website, language and other preferences)

Keeping visitors’ preferences about products (For example, the product added to your cart remains in your cart when the page is refreshed)

Keeping site navigation movements in a manner relevant to public safety

What kind of cookies do you use?

 

 

Session Cookies are temporary cookies that are kept on your devices until you leave the website.

Persistent Cookies Persistent cookies are the type of cookies that remain on your device’s hard disk for long periods of time and their usage period may vary from a few days to several years.

Mandatory Cookies It is mandatory for the website to function properly and for users to benefit from the services and navigation features offered on the site. For example, although not sent by us, social media sharing cookies sent to your device by social media networks so that you can share news that interests you on our site or access our accounts on the relevant platform are mandatory cookies.

Functional and Analytical Cookies It is used for purposes such as remembering your preferences, using the website effectively, optimizing the site to respond to user requests and contains data about how visitors use the site. Due to their nature, these types of cookies may contain your personal information. For example, cookies that save your language preference on our website are functional cookies.

Cookies for Advertising and Marketing Purposes Cookies are used to identify the products and similar products you are interested in, to provide you with a better purchasing experience in line with your explicit consent for processing, and contain data about which products visitors are interested in.

How is the information from your device used?

 

In addition, we use the content in the articles, news and other tabs on our website for statistical purposes by anonymizing the frequency of clicks during your visits and usage data regarding the pages visited. You do not have to accept cookies in order to use our website, but in this case, the quality of your user experience may decrease. You can delete or block cookies, but then our website may not work as it should. We do not use the data we collect through cookies to identify you. Cookies are not used for purposes other than those specified in this Policy and are not processed in violation of data protection legislation.

 

How Can You Prevent the Use of Cookies?

 

Although the use of cookies provides better service of the Website, you can prevent the use of cookies if you wish. However, please note that in this case, the site may not function fully and you may not be able to benefit from all its features. In order to prevent the use of cookies, you need to change the settings of your internet browser. These changes vary depending on the device and internet browser you use. Below is information on which steps should be followed to prevent the use of cookies through different internet browsers:

 

Internet Explorer

Open the desktop and tap or click the Internet Explorer icon on the taskbar.

2. Tap or click the Tools button and tap or click Internet options.
3. Tap or click the Privacy tab, then move the slider under Settings up to block all cookies and tap or click OK.

Microsoft Edge

From the top right corner of your Microsoft Edge browser, click on the section with the three dots and go to Settings.

2. In the new window that appears, select Select Items to Clean and then select the sections you want to clean from the window that appears.
3. There are many sections here. You can start the cleaning process by selecting the one you want

Google Chrome

Open Chrome on your computer.

2. Click More Settings at the top right.
3. At the bottom, click Advanced.
4. Under “Privacy and security”, click Content settings.
5. Click Cookies.
6. Search for the name of the Website under “All cookies and site data”.
7. Click the Remove icon to the right of the site

Mozilla Firefox

Click the Firefox Menu button and select Options.

2. Select the Privacy and Security panel and go to the History section.
3. Change the Firefox setting to Use custom settings for history.
4. Click the Show cookies… button. The Cookies window will appear.
5. In the Search: field, type the name of the site whose cookies you want to delete. Cookies matching your search will be displayed.
6. Select the cookie(s) you want to delete and click the Delete selected button.
7. Close the Cookies window by clicking the Close button. Then close about:preferences

Safari

Choose Safari > Preferences.

2. Click Privacy.
3. Click Website Data.
4. Select one or more websites and then click Delete or Delete All.

You can also delete all cookies left behind by the websites you visit through third-party software.

Opera

 

Go to the “preferences” section of your browser.

Select the “Advanced” section. You can edit cookies in the cookies section.

You can visit the clarification text at www.severmakine.com/kisisel-verilerin-korunmasi to get information about your personal data other than cookies together with this cookie policy.

 

PERSONAL DATA STORAGE AND DESTRUCTION POLICY

 

PURPOSE

 

Sever Makine, Personal Data Storage and Destruction Policy (“Storage and Destruction Policy”) is issued for the technical and administrative protection of personal data in accordance with the Personal Data Protection Law No. 6698 (“Law”), and to regulate the implementation of the provisions of the Regulation on Deletion, Destruction or Anonymization of Personal Data (“Regulation”) published in the Official Gazette dated 28/10/2017 in case the conditions for processing personal data disappear.

 

RECORDING MEDIA WHERE PERSONAL DATA ARE STORED

 

Personal data belonging to data subjects are securely stored by Sever Makine in the environments listed below in accordance with the relevant legislation, especially the provisions of the Law:

 

Electronic media:

 

CRM

MS SQLServer

E-Mail Box

Microsoft Office Programs

Image Recorders

Call Center Management System

Belsis Automation System

 

Physical environments:

 

Unit Cabinets

Folders

Archive

 

EXPLANATIONS ON THE REASONS FOR RETENTION

 

Personal data belonging to the data owners are specifically by Sever Makine:

 

Sustainability of activities,

Fulfillment of legal obligations,

Planning and execution of employee rights and benefits,

Ability to manage business relationships,

For this purpose, it is stored securely in the aforementioned physical or electronic media within the limits specified in the Law and other relevant legislation.

 

Reasons requiring retention:

 

Personal data is directly related to the establishment and performance of contracts,

The use of personal data for the establishment, exercise or protection of a right,

Provided that personal data does not harm the fundamental rights and freedoms of individuals, it is in the legitimate interest of Akdeniz Municipality,

Fulfillment of any legal obligation of Akdeniz Municipality of personal data,

Legislation clearly stipulates the retention of personal data,

Explicit consent of data subjects in terms of storage activities that require the explicit consent of data subjects.

 

Pursuant to the Regulation, in the cases listed below, personal data belonging to data owners are deleted, destroyed or anonymized by Sever Makine ex officio or upon request:

 

Amendment or abolition of the provisions of the relevant legislation that constitute the basis for the processing or storage of personal data,

 

The purpose requiring the processing or storage of personal data disappears,

 

The disappearance of the conditions requiring the processing of personal data under Articles 5 and 6 of the Law.

In cases where the processing of personal data takes place only on the basis of explicit consent, the data subject’s withdrawal of consent,

 

Acceptance by the data controller of the application made by the data subject for the deletion, destruction or anonymization of his/her personal data within the framework of his/her rights under paragraphs 2 (e) and (f) of Article 11 of the Law,

 

In cases where the data controller rejects the application made by the data subject with the request for the deletion, destruction or anonymization of his/her personal data, his/her response is found insufficient or he/she does not respond within the period stipulated in the Law; filing a complaint to the Board and this request is approved by the Board,

Although the maximum period required for the retention of personal data has expired, there are no circumstances that would justify retaining personal data for a longer period of time.

 

MEASURES TAKEN FOR THE PROTECTION OF PERSONAL DATA

 

In accordance with Article 12 of the Law, Sever Makine takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the preservation of the data, and to carry out or have the necessary audits carried out within this scope. Although all technical and administrative measures have been taken, in the event that the processed personal data is obtained by third parties illegally, Sever Makine will notify the relevant persons and units as soon as possible.

 

3.1 Technical Measures

Network security and application security are ensured.

Closed system network is used for personal data transfers through the network.

Key management is implemented.

Security measures are taken within the scope of procurement, development and maintenance of information technology systems.

Security of personal data stored in the cloud is ensured.

There are disciplinary regulations that include data security provisions for employees.

Training and awareness raising activities on data security are conducted for employees at regular intervals.

An authorization matrix has been established for employees.

Access logs are kept regularly.

Data masking measures are applied when necessary.

Corporate policies on access, information security, use, storage and disposal have been prepared and implemented.

Confidentiality undertakings are made.

The authorizations of employees who change their duties or leave their jobs in this area are removed.

Up-to-date anti-virus systems are used.

Firewalls are used.

Signed contracts contain data security provisions.

Personal data security policies and procedures are defined.

Personal data security issues are reported quickly.

Personal data security is monitored.

Necessary security measures are taken for entry and exit to physical environments containing personal data.

Physical environments containing personal data are secured against external risks (fire, flood, etc.).

The security of environments containing personal data is ensured.

Personal data is minimized as much as possible.

Personal data is backed up and the security of backed up personal data is also ensured.

User account management and authorization control system is implemented and monitored.

In-house periodic or random audits are carried out and conducted.

Log records are kept without user intervention.

Existing risks and threats have been identified.

Protocols and procedures for the security of sensitive personal data have been determined and implemented.

If sensitive personal data is to be sent via electronic mail, it is sent encrypted and using KEP or corporate mail account.

Intrusion detection and prevention systems are used.

Cyber security measures have been taken and their implementation is constantly monitored.

Encryption is performed.

Sensitive personal data transferred on portable memory sticks, CDs and DVDs are encrypted.

Data processing service providers are periodically audited on data security.

Awareness of data processing service providers on data security is ensured.

Data loss prevention software is used.

 

3.2 Administrative Measures

 

Employees are trained on technical measures to be taken to prevent unlawful access to personal data.

Access to personal data and authorization processes are designed and implemented within Sever Makine in accordance with the legal compliance requirements for processing personal data on a business unit basis. In limiting access, whether the data is of special nature and the degree of importance are also taken into consideration. Edremit Municipality has added records to all kinds of documents that regulate the relationship between it and its personnel and contain personal data that the obligations stipulated by the Law should be complied with in order to process personal data in accordance with the law, personal data should not be disclosed, personal data should not be used unlawfully and the confidentiality obligation regarding personal data continues even after the termination of the employment contract with Sever Makine.

Employees are informed that they cannot disclose the personal data they have learned to anyone else in violation of the provisions of the Law and cannot use it for purposes other than processing, and that this obligation will continue after they leave their duties, and necessary commitments are obtained from them in this direction.

In the contracts concluded by Sever Makine with the persons to whom personal data are transferred in accordance with the law; provisions are added that the persons to whom personal data are transferred will take the necessary security measures to protect personal data and ensure that these measures are complied with in their own organizations.

In the event that the processed personal data is obtained by others through unlawful means, it shall notify the relevant person and the Board as soon as possible.

If necessary, it employs knowledgeable and experienced personnel about the processing of personal data and provides training to its personnel within the scope of personal data protection legislation and data security.

Sever Makine Implementation of the provisions of the Law.

 

MEASURES TAKEN REGARDING THE DESTRUCTION OF PERSONAL DATA

 

Although Sever Makine has been processed in accordance with the provisions of the relevant law, it may delete or destroy personal data based on its own decision or upon the request of the personal data owner if the reasons requiring its processing disappear. Following the deletion of personal data, the relevant persons will not be able to access and use the deleted data again in any way. An effective data tracking process will be managed by Sever Makine regarding the identification and tracking of personal data destruction processes. The process carried out will be the identification of the data to be deleted in order, the identification of the relevant persons, the identification of the access methods of the persons and the deletion of the data immediately afterwards.

 

Sever Makine may use one or more of the following methods to destroy, delete or anonymize personal data, depending on the environment in which the data is recorded:

 

5.1 Methods for Deletion, Destruction and Anonymization of Personal Data

 

5.1.1 Deletion of Personal Data

 

 

Translated with DeepL.com (free version)

Deletion of personal data is the process of making personal data inaccessible and non-reusable in any way for the relevant users. As a method of deleting personal data, Sever Makine may use one or more of the following methods:

 

– Personal data in the paper environment will be processed by drawing, painting, cutting or deleting with the blackout method.

 

– The access right(s) of the user(s) for the office files in the central file will be eliminated.

 

– The rows or columns containing personal information in the databases will be deleted with the ‘Delete’ command.

 

When necessary, they will be securely deleted with the help of an expert.

 

Translated with DeepL.com (free version)

 

5.1.2 Destruction of Personal Data

 

Destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way by the following methods.

 

Physical Destruction

 

Destruction with Paper Shredder

 

Demagnetization: It is the method of distorting the data on the magnetic media in an unreadable way by passing it through special devices where it will be exposed to high magnetic fields.

 

5.1.3 Anonymization of Personal Data

 

Anonymization of personal data refers to making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching it with other data. Akdeniz Municipality may use one or more of the following methods to anonymize personal data:

 

Masking: Data masking is a method of anonymizing personal data by removing the basic identifying information of personal data from the data set.

 

De-registration: In the de-recording method, the data line that contains singularity among the data is removed from the records and the stored data is anonymized.

 

Regional Hiding: In the regional hiding method, anonymization is achieved by hiding the relevant data if it is determinative due to the fact that a single data creates a combination that can be seen very little.

 

Translated with DeepL.com (free version)

 

Global Coding: With the data derivation method, a more general content is created from the content of personal data and it is ensured that personal data cannot be associated with any person. For example; specifying ages instead of dates of birth; specifying the region of residence instead of the street address.

 

Adding Noise: The method of adding noise to the data, especially in a data set where numerical data is predominant, anonymizes the data by adding some deviations in the plus or minus direction to the existing data at a determined rate. For example, in a data set with weight values, a deviation of (+/-) 3 kg is used to prevent the display of real values and anonymize the data. The deviation is applied equally to each value.

 

In accordance with Article 28 of the Law; anonymized personal data may be processed for purposes such as research, planning and statistics. Such processing is outside the scope of the Law and the explicit consent of the personal data owner will not be sought.

 

Sever Makine will be able to take an ex officio decision regarding the deletion, destruction or anonymization of personal data and will be able to freely determine the method to be used according to the category it has chosen. In addition, within the scope of Article 13 of the Regulation, if the person concerned chooses one of the categories of deletion, destruction or anonymization of his personal data during the application, Akdeniz Municipality will be free to use the methods to be used in the relevant category.

 

PERSONAL DATA STORAGE AND DESTRUCTION PERIODS

 

Sever Makine stores personal data for the periods specified in Annex-1 for the purpose for which they are processed. If a period is stipulated in the legislation regarding the storage of the personal data in question, this period is complied with. In the absence of a period stipulated in the legislation, personal data will be kept for the maximum period for keeping personal data in the table in Annex-1. These periods; Sever Makine’s data categories and data owner person groups are evaluated; The data obtained as a result of this evaluation will ensure the fulfillment of the obligations in the laws and the maximum period of limitation (10 years) in the Turkish Code of Obligations has been determined by considering.

 

In the event that the obligation to delete, destroy or anonymize arises due to the expiration of these periods, Akdeniz Municipality deletes, destroys or anonymizes personal data in the first periodic destruction process following this date.

 

All transactions regarding the deletion, destruction and anonymization of personal data are recorded and such records are kept for at least three years, excluding other legal obligations.

 

PERIODIC DESTRUCTION PERIODS

Pursuant to Article 11 of the Regulation, the periodic destruction period is set as 6 months. Accordingly, periodic destruction is carried out in June and December every year. In the said systems, the information will be deleted from the tools such as documents, files, CDs, diskettes, hard disks, if any, where the data is saved, in a way that cannot be recycled.

 

PERSONNEL

Within the scope of the Law, Sever Makine, as the data controller, based on paragraph 1 of Article 11 of the Regulation, a personnel from each unit has been determined to fulfill the obligations in terms of the implementation of the data storage and destruction process of the Law.

 

These designated persons are responsible for the transactions and actions that take place within their limits of authority within the scope of the Turkish Commercial Code, Code of Obligations and Turkish Penal Code. In particular, the Chairman of the Sever Makine Personal Data Protection Committee has been elected as authorized to represent Sever Makine in law enforcement, prosecution offices, public institutions and courts and to testify. Each unit responsible will be obliged to supervise whether the relevant users in the unit act in accordance with the Retention and Destruction Policy and Personal Data Policy prepared within the framework of the Law and Regulation. All unit supervisors will report to the Chairman of the Akdeniz Municipality Personal Data Protection Committee the transactions carried out in accordance with this Retention and Destruction Policy within the specified periodic destruction periods. The decision resulting from the results of the work carried out for these reports will be put into practice.

 

REVISION AND REPEAL

In case the Retention and Destruction Policy is amended or repealed, the new regulation will be announced on the Akdeniz Municipality website.

EFFECTIVENESS

This Retention and Disposal Policy enters into force on the date of its publication.

INTRODUCTION

This Policy sets forth the principles to be adopted by Sever Makine regarding the processing and protection of personal data and to be taken into account in practice.

 

Our organization attaches importance to the processing and protection of personal data in accordance with the Law No. 6698 on the Protection of Personal Data (“Law”) and acts in accordance with the Law in planning and services.

 

With the policy prepared within this framework; It is aimed to process and protect the personal data of our Citizens, Employees, Employee Candidates, Visitors, Institutions we cooperate with and Third Parties.

 

At the same time, necessary administrative and technical measures are taken by our Organization for the protection of personal data processed in accordance with the relevant legislation.

 

DEFINITIONS

Explicit Consent: Consent on a specific subject, based on information and expressed with free will,

Anonymization: Making the data previously associated with a person impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data,

Personal Data: Any information relating to an identified or identifiable natural person,

Processing of Personal Data: All kinds of operations performed on Personal Data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of Personal Data by fully or partially automatic or non-automatic means provided that it is part of any data recording system,

 

Personal Data Owner / Relevant Person: Persons whose personal data are processed by the Institution,

 

Institution / Data Controller: Gömeç Municipality,

 

KVK Law / Law: Law No. 6698 on the Protection of Personal Data,

 

Board: Personal Data Protection Board,

 

Sensitive Personal Data: Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or trade union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

 

PURPOSE and SCOPE

This Policy is a guideline for our Organization to implement the rules set forth by the PDP Law and the relevant legislation.

 

The main purpose of the Policy is to make explanations regarding the processing and protection of personal data in accordance with the Law and to ensure transparency by informing the persons about the personal data processed by our Institution. In this way, it is aimed to ensure full compliance with the legislation in the processing and protection of personal data carried out by our Institution and to protect all rights of personal data owners arising from the legislation on personal data.

 

This Policy relates to all personal data of our Citizens, Employees, Employee Candidates, Visitors, Institutions we cooperate with and Third Parties, which are processed automatically or non-automatically provided that they are part of any data recording system.

 

PRINCIPLES

The actions and measures taken by our organization to ensure “data security” in accordance with the KVK Law are stated below.

 

In the deletion, destruction and anonymization of personal data, technical and administrative measures to be taken within the scope of the Law, the provisions of the relevant legislation and the decisions of the Board are complied with.

 

All transactions regarding the deletion, destruction and anonymization of personal data are recorded by our Agency.

 

Unless otherwise decided by the Board, the appropriate method of ex officio deletion, destruction or anonymization of personal data is determined based on the legislation we are subject to.

 

The conditions for processing personal data under the Law are regulated within the framework of the legislation. In case the Relevant Person applies to our Authority in this regard;

 

The requests are finalized within 30 (thirty) days at the latest and the Data Subject is informed,

 

In case the data subject to the request is transferred to third parties, this situation is notified to the third party to whom the data is transferred and necessary actions are taken before third parties.

 

In accordance with the PDP Law and other laws (657, 5510, etc.) to which they are subject, employees are legally obliged not to disclose the personal data they have learned to others in violation of the law, not to use them for purposes other than processing, and that this obligation will continue after they leave their duties.

 

The legal, administrative and technical obligations that the contractors must comply with when processing personal data as the data controller of our Institution are imposed on the contractors by the confidentiality agreement.

 

Our organization takes the necessary technical and administrative measures to store personal data in secure environments and to prevent the destruction, loss or alteration of personal data for unlawful purposes.

 

In accordance with the KVK Law, our organization conducts or has the necessary audits carried out within its own organization. The results of these audits are reported to the relevant units and managers and necessary actions are taken to improve the measures taken.

 

PROCESSING OF PERSONAL DATA

Our organization processes personal data within the scope of the laws to which it is subject while fulfilling its obligations and responsibilities.

 

Personal data cannot be processed without explicitly stated in the applicable laws or without the explicit consent of the data subject. The explicit consent of the personal data owner is only one of the legal grounds that make it possible to process personal data in accordance with the law. Apart from explicit consent, personal data may also be processed in the presence of one of the other conditions listed below.

 

Our organization may process the Personal Data of Personal Data Owners in cases expressly stipulated in the laws even without explicit consent. For example; Processing the identity information of the Tenderer Company Official in accordance with the Public Procurement Law.

 

Personal Data may be processed without explicit consent in order to protect the life or physical integrity of persons who are unable to disclose their consent due to actual impossibility or whose consent cannot be recognized as valid, or of another person. For example; Transmission of the identity card information of the visitor who fainted to the doctors by the security officer of the Institution.

 

Provided that it is directly related to the establishment or performance of a contract by the Institution, Personal Data of the parties to the contract may be processed. For example; Obtaining the account number information of the creditor party in order to pay the money in accordance with a contract.

 

The Authority may process Personal Data of Personal Data Subjects if it is mandatory to fulfill its legal obligations. For example; Submission of the information requested by the court to the court.

 

The Authority may process the Personal Data made public by the Personal Data Subjects themselves. For example; Publishing the contact information of the employee candidate on websites that allow job applications.

 

Personal data of the data subject may be processed if data processing is mandatory for the establishment, exercise or protection of a right. For example; storing data that has the quality of proof (for example, an invoice) and using it when necessary.

 

The Institution may process the Personal Data of Personal Data Subjects without seeking explicit consent in cases where data processing is mandatory for the exercise or protection of a legitimate right. For example; Camera recording for security purposes in the buildings and facilities of the Institution.

 

Our Institution does not process Special Categories of Personal Data without the explicit consent of the person concerned, except in cases expressly provided for by law.

 

While processing personal data;

 

It acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. In this context, it takes into account the proportionality requirements in the processing of personal data and does not use personal data for purposes other than its purpose.

 

It ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights of personal data owners and their legitimate interests.

 

Our organization processes personal data in connection with the services it provides and to the extent necessary for them.

 

It processes personal data in a manner that is conducive to the realization of the specified purposes and avoids the processing of personal data that is not related to the realization of the purpose or is not needed.

 

It retains personal data only as long as specified in the relevant legislation. In this context, if a period of time is specified in the relevant legislation for the storage of personal data, our Institution acts in accordance with this period, and if no period is specified, it keeps personal data for the period required for the purpose for which they are processed.

 

PURPOSES OF PROCESSING PERSONAL DATA

Our organization processes your personal data for the following purposes;

 

To use it in the services that our organization will provide within the scope of the law and related legislation,

 

To realize our municipal services, to determine the information to determine the owner and addressee of all kinds of business and transactions in this context,

 

To organize the information and documents that will be the basis for the works and transactions to be carried out on paper or electronically,

 

To comply with the information retention, reporting and disclosure obligations stipulated by the judicial and administrative authorities in accordance with the relevant legislation,

Planing and execution of corporate sustainability activities,

Event management,

Management of relationships with corporate companies and contractors,

Execution of personnel recruitment processes,

Execution/follow-up of financial reporting and risk management processes,

Execution/follow-up of legal affairs

Plaing and execution of corporate communication activities,

Execution of corporate governance activities,

HIM and Access to Information request and complaint management,

Providing information to authorized institutions due to legislation,

Creation and follow-up of visitor records,

Improving the services offered through Websites and Applications,

Providing free and wireless internet services,

In the event that the processing activity carried out outside the aforementioned purposes does not meet any of the conditions stipulated under the PDP Law, the explicit consent of the personal data owner is obtained by the Institution regarding the relevant processing process.

CLASSIFICATION OF PERSONAL DATA

In line with the legitimate and lawful personal data processing purposes of our organization, personal data in the categories specified below are processed by informing the relevant persons in accordance with the Law by complying with all obligations set out in the Law. It is also stated in this section which data subjects the personal data processed in these categories are related to within the scope of this Policy.

Personal Data Class Description

Identity Information: Documents such as driver’s license, identity card and passport containing information such as name-surname, Turkish ID number, nationality, mother’s name-father’s name, place of birth, date of birth, gender, tax number, SSI number, signature information, vehicle license plate information, etc.

Contact Information : Information such as phone number, address, e-mail address, fax number, IP address, etc

Location Data: Information that determines the location of the personal data owner within the framework of the services carried out by the Institution or as a result of the services provided by the institutions we cooperate with; GPS location, address information, etc.

Citizen Data: Information obtained and produced about the relevant person as a result of the responsibilities of our organization and the services carried out by our units within this framework, etc.

Family Members and Relatives/Relatives Information Information about the family members (e.g. spouse, mother, father, child) and relatives of the personal data owner, custody information, emergency contact information, etc. in order to protect the legal and other interests of the personal data owner or related to the services provided by our organization.

Physical Space Security Information: Personal data related to the records and documents taken at the entrance to the physical space, during the stay in the physical space; camera recordings and records taken at the security point, etc.

Financial Information: Personal data processed regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship established by the organization with the personal data owner, and bank account number, IBAN number, credit card information,

income information etc.

Audio/Visual Information: Photographs and camera recordings (excluding recordings within the scope of Physical Space Security Information), voice recordings and data contained in documents that are copies of documents containing personal data, etc.

Personnel Information: All kinds of personal data processed for obtaining information that will be the basis for the formation of the personal rights of the employee of the organization, etc.

Sensitive Personal Data: Data specified in Article 6 of the KVK Law, etc. (e.g. health data including blood type)

Transaction Security Information: Personal data processed to ensure our technical, administrative and legal security while carrying out our activities within the scope of our responsibilities, etc.

Legal Transaction and Compliance Information: Personal data processed within the scope of determination and follow-up of our legal receivables and rights and performance of our debts and compliance with our legal obligations and the policies of the Institution, etc.

Service Information: Personal data processed for the service receiving habits, tastes and needs of the personal data owner of our services and the reports and evaluations created according to the results of this processing, etc.

Request/Complaint Management Information: Personal data related to the receipt and evaluation of all kinds of requests or complaints addressed to the Institution and the reports and evaluations created according to the results of such processing, etc.

BUILDING, FACILITY ENTRANCES AND DATA PROCESSING ACTIVITIES INSIDE

In order to ensure security by our organization, personal data processing activities are carried out in the buildings and facilities of our organization for the monitoring of security cameras and the tracking of guest entrances and exits. These activities are carried out through the use of security cameras, taking identification and recording guest entrances and exits.

Camera surveillance and record keeping carried out by our organization are carried out in accordance with the Law on Private Security Services and the relevant legislation.

In accordance with Article 12 of the KVK Law, necessary technical and administrative measures are taken by our organization to ensure the security of personal data obtained as a result of camera surveillance activity.

Internet access can be provided by our organization to our Visitors who request it during your stay in our Buildings and Facilities. In this case, log records regarding your internet access are recorded in accordance with the Law No. 5651 and the mandatory provisions of the legislation regulated in accordance with this Law; these records are processed only upon request by authorized public institutions and organizations or in order to fulfill our legal obligation in the audit processes to be carried out within the Authority.

WEBSITE and APPLICATION VISITORS

In the websites and applications owned by our organization; It records the visits of the people who visit these sites in order to ensure that they perform their visits on the sites in accordance with their purpose of visit.

SHARING OF PERSONAL DATA

Personal data held by our institution can be transferred to persons, institutions and/or organizations required/permitted by the provisions of the law, other laws and other legislation we are affiliated with; Balıkesir Metropolitan Municipality and Ayvalık Municipality, affiliated municipal companies, universities, public institutions and third parties from which we receive services to carry out our municipal activities within the framework of legal restrictions in order to carry out the services provided to citizens.

RETENTION PERIODS OF PERSONAL DATA

If stipulated in the relevant laws and regulations, our organization stores personal data for the period specified in these regulations.

If a period of time is not regulated in the legislation regarding how long personal data should be stored, Personal Data is processed for the period required to be processed depending on the activity carried out by the Institution while processing that data.

DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

As regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law, our Institution deletes, destroys or anonymizes personal data upon the decision of the Institution or upon the request of the personal data owner, in the event that the reasons requiring its processing disappear, although it has been processed in accordance with the provisions of the relevant law as regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law.

In this context, our Agency takes the necessary technical and administrative measures within the Agency in order to fulfill the relevant obligation; It trains its relevant units to act in accordance with these obligations and ensures their assignment and awareness.

RELATED PERSON REQUEST MANAGEMENT

If personal data owners apply their requests regarding their rights through the application methods available on the corporate website www.severmakine.com under the heading “Protection of Personal Data”; the requests are finalized free of charge by our Institution within thirty days at the latest.

In order to exercise his/her rights, the Relevant Person may fill in the Application Form at www.severmakine.com and send a signed copy of it to export@severmakine.com in person with documents identifying him/her, or send it through a notary public.

TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN FOR THE PROTECTION OF PERSONAL DATA

In accordance with the Law, our Institution takes the necessary technical and administrative measures to prevent unlawful processing of Personal Data, to prevent unlawful access to data and to ensure the preservation of data. These measures are set out below;

Technical Measures

Technical measures are taken in accordance with the developments in technology, and the measures taken are periodically updated and renewed.

Access authorizations are limited and authorizations are regularly reviewed.

The technical measures taken are periodically reported to the relevant person as required by the internal audit mechanism, and the issues that pose a risk are re-evaluated and necessary technological solutions are produced.

Software and hardware including virus protection systems and firewalls are installed.

Technically knowledgeable personnel are employed.

Security scans are regularly performed to identify security vulnerabilities in applications where Personal Data is collected. It is ensured that the vulnerabilities found are closed.

Systems in accordance with technological developments are used to store Personal Data in secure environments.

Backup programs are used in accordance with the law to ensure the safe storage of Personal Data.

Access to the environments where Personal Data is stored is restricted and only authorized persons are allowed to access this data, limited to the purpose of storing the personal data.

Administrative Measures

Employees are informed and trained on the law on the protection of Personal Data and the legal processing of Personal Data.

All activities carried out by the institution are analyzed in detail for all units, and as a result of this analysis, Personal Data processing activities are revealed for the activities carried out by the relevant units.

In order to ensure the legal compliance requirements determined on a unit basis, awareness is created for the relevant unit and application rules are determined; necessary administrative measures are implemented to ensure the supervision of these issues and the continuity of the application.

Employees are trained on technical measures to be taken to prevent unlawful access to Personal Data.

In accordance with the legal compliance requirements for processing Personal Data, access to and authorization processes for Personal Data are designed and implemented within the institution.

All documents on the Sever Makine website are the property of Sever Makine. You may not modify, copy, reproduce, republish, upload to another computer, post, transmit or distribute any material on this site, including the code and software. Regardless of the above, you may print out the pages of the site for your personal use.

 

While measures have been taken within the available means to ensure that the Sever Makine website is free of viruses and similar software, the user is responsible for providing their own virus protection system and providing the necessary protection to ensure ultimate security. Within this framework, the user accepts that they are responsible for all errors that may occur in their own software and operating systems and their direct or indirect consequences due to entering the Sever Makine website.

 

All information on the Sever Makine website is for promotional and informative purposes only. The user cannot claim that the information on the website is incomplete or incorrect or that they have suffered damages based on this information. The user accepts that when the user intends to make a transaction by referring to the information, he/she is obliged to obtain the final and reliable information from Sever Makine and that Sever Makine has no liability due to the information published on the website being out of date.

 

Sever Makine reserves the right to change the content of the site at any time, change or terminate any service provided to users, and delete user information and data registered on the Sever Makine website, at its own discretion. Although Sever Makine has taken all necessary precautions to ensure that the website is error-free, no guarantee is given regarding existing or potential errors on the site.

In the event that a criminal complaint or official investigation request is made against the user by official authorities and/or if it is determined that the user has committed any electronic sabotage or attack that will prevent or change the operation of the Sever Makine systems, Sever Makine has the right to investigate the user’s identity information and notify the legal authorities.

 

Due to the nature of the internet, information can travel on the internet without sufficient security measures and can be obtained and used by unauthorized persons. No technological system is completely secure, “tamper-proof” or “hacker-proof”. Sever Makine takes the necessary precautions (software and hardware) to prevent and minimize the risks of unauthorized access, misuse or incorrect change to your personal information. Sever Makine is not responsible for any damage that may occur. The user must take all necessary security measures individually.

 

In some cases, information that is not specific to you may be collected. Examples of such information include the type of internet browser you use, your operating system and the domain name of the site from which you reached our site via a link or advertisement.

 

From time to time, information may be placed on your computer to help us identify you. This information is generally known as a “cookie”. This information, which shows how and when our visitors use this site, can help us improve our site. Cookie use is an industry standard and many websites use them. Cookies are stored on your computer. If you do not want to receive cookies or want to know when they are placed, you can set your browser accordingly if your web browser has this feature.

This policy will be implemented in accordance with the laws of the Republic of Turkey, without giving rise to any legal conflicts. If any article of this policy is illegal, invalid or legally unenforceable for any reason, then that article will be deemed to be removable from this policy and will not affect the validity and legal enforceability of the remaining articles.

The information you provide through the Sever Makina website will not be shared with third parties or used for commercial purposes in any way.

By entering and using this site, you agree to the terms of this Privacy Policy.