The Law on the Protection of Personal Data

I. GENERALLY

Safi Derince Uluslararası Liman İşletmeciliği A.Ş. (“Company”) has adopted the principle of acting with care and principle in the processing and securing of all your personal data in accordance with the Constitution of the Republic of Turkey, international conventions on human rights to which our country is a party, and the Law on Protection of Personal Data No. 6698 (“Law on the Protection of Personal Data”) and relevant regulation.

The Company processes the personal data of partner of business partners, shareholders, customers, potential customers, visitors of the company, employees, prospective employees and employees, shareholders and officials of the institutions in cooperation and persons who applied for a job or visited the official website or natural persons who have relationship with the Company and takes necessary precautions for the storage of data and prepared this Confidentiality and Protection of Personal Data to inform you about company rules and policies on the processing of personal data within the framework of the law on the protection of personal data.

All the explanations made for personal data covers your special qualified personal data in this confidentiality and personal data protection policy prepared by the company.

 

II. DEFINITIONS AND WHICH PERSONAL DATA OF YOURS IS PROCESSED

 

Personal Data It is any information relating to an identified or identifiable natural person. Special Qualified Personal Data Your information on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction, and security measures and biometrical and genetical data. Processing of Personal Data It refers to all kinds of transactions performed on data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making it available, classifying or preventing the use of personal data fully or partially automatically or by non-automatic methods provided that it is a part of any data recording system. Personal Data Owner/Relevant Person These are business partners, shareholders, customers, potential customers, visitors, employees, prospective employees and employees of institutions in cooperation, shareholders and officials and natural persons who visit our website or have relationship with group companies in any other way.

 

In the company processes data in the table by fulfilling the obligation to inform and to obtain consent when necessary in compliance with the principles specified in the legislation, especially the principles specified in Article 4 of the law on protection of personal data and the obligations imposed by the laws in case of existence of the personal data processing conditions specified in Articles 5 and 6 of the law on protection of personal data in line with the legitimate and lawful personal data processing purposes of the company.

 

Identity Data Your name, surname, TR ID Number, date and place of birth, gender, marital status, nationality, and documents such as driver’s license, ID card, passport, SSI number and signature information where necessary Communication Data Your e-mail address, address, city/town, house and/mobile phone number, IP address when visiting our websites Special Qualified Personal Data If included in your resume, job applications and personal files, and any contract signed between you and the company in order to fulfill our legal obligations, information on your membership of associations, foundations, trade unions, political parties, religious or philosophical views, ethnic origin and race or your opinion on the subject, health and criminal record. Education Data Educational background, certificate and diploma information, specialist knowledge, foreign language knowledge, education and skills, seminars and courses attended, computer knowledge Location Data Information that determines the location of the vehicle while driving the vehicles of the group companies, GPS location, travel data Transaction Security Information Personal data processed regarding technical, administrative, legal and commercial security while the group companies carry out their activities Website/ Application Use Data The time and duration of accessing the websites of the group companies, which browser is used to connect (iOS/android/mobile site/ website), IP address, information obtained through cookies, log records Personnel Information All kinds of personal data processed for obtaining documents and information that will be the basis for the formation of personnel rights of natural persons who have any business relationship with group companies Physical Location Security Information Personal data regarding the records, information and documents received at the entrance to the physical spaces of the group companies, camera records, visitor records taken in safety point, fingerprints, data obtained while accessing Wi-Fi Financial Information Information such as bank account number, IBAN number, income information, financial profile due to legal, commercial, financial relationships established with group companies Legal Transaction Information Data processed within the scope of determination and follow-up of legal receivables and rights of group companies, performance of debts and legal obligations Risk Management Information Personal data processed through the methods used in accordance with the generally accepted legal, commercial practice and good faith in these areas to manage commercial, technical and administrative risks Request/Complaint/Demand/Questionnaire Management Information Personal data obtained due to all kinds of requests, demands, complaints directed to group companies and data processed about people who participated in all kinds of questionnaires made by group companies regarding evaluations

 

In accordance with paragraph 2 of article 5 of the law on the protection of personal data, Group Companies has right to process your personal data (personal data other than health and sexual life) without takin explicit consent, if it is clearly stipulated in the laws, if it is compulsory for the protection of the life or physical integrity of the person or someone else who is unable to express his consent due to actual impossibility or whose consent is not legally valid, provided that it is directly related to the conclusion or performance of a contract, if it is compulsory to process the personal data of the parties to the contract, if it is necessary for the data controller to fulfill its legal obligation, if it is made public by the related person, if data processing is mandatory for the establishment, exercise or protection of a right, if data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data controller.

III. THE PURPOSE OF PROCESSING YOUR DATA

Company processes your data:
» To ensure the safety of all persons and institutions that our company is in contact with,
» To ensure the safety of our company,
» To issue and perform a contract, to fulfill of our legal obligations, to establish, exercise or protect a right,
» To be able to meet the requirements of the services we provide in accordance with the requirements of technology, and to develop our products and services,
» To carry out and organize all our activities,
» To carry out activities of human resources,
» To ensure transparency along with commercial and legal safety,
» To ensure and audit compliance with legal regulations,
» To carry financial processes
» To provide legitimate interests in a way not to contradict the laws, fundamental rights and freedoms of individuals and personal interests,
» To ensure commercial and administrative management,
» For the various legal compliance reasons,

with considering the law on protection of personal data and other laws and regulations and the standards regarding the information security and protection of personal data and in accordance with the principles in the regulations and collects your personal and private data in automatic or non-automatic ways as verbally, in writing or electronically, and processes it within the scope of the law on protection of personal data according to the processing purpose. In addition, while Company processes the personal data, Company stores it:

» In accordance with the law and honesty rules
» Accurately and up to date when necessary
» For certain, clear and legal purposes
» in a limited and measured manner in connection with the purposes for which they operate.
» For the period stipulated in the relevant legislation or required for the purpose for which they are processed.

 

IV. METHODS OF PERSONAL DATA COLLECTION AND LEGAL CAUSES

Your personal data can be collected by the company by automatic or non-automatic methods as verbal, written, technical and various methods through channels such as business partners, shareholders, customers, potential customers, visitors of the company, employees, prospective employees and employees, shareholders and officials of the institutions in cooperation for abovementioned purposes.

Your personal data can be collected by the company from the person directly and with various agreements signed and printed documents, business partners, contractual institutions and institutions in cooperation, complaint/demand management systems, video and audio recording, corporate web sites, cookies, electronic mail, telephone, SMS, market research companies and reference.

V.TO WHOM AND FOR WHAT PURPOSES YOUR PERSONAL DATA CAN BE TRANSFERRED

Your personal data, which is informed that it is processed above, can be transferred to business partners, institutions in cooperation, relevant institutions, banks and financial institutions, relevant units from which legal support is received, public institutions and organizations in line with the legitimate interest of the Company in line with the purpose of the products and services offered, regulatory, supervisory institutions and official authorities, in cases stipulated by the relevant legislation, within the personal data processing conditions and purposes specified in Articles 8 and 9 of the the law on the protection of personal data within the purposes above, in accordance with the law on the protection of personal data and regulations in force, as it can be shared between companies, including but not limited to those listed.

Besides, your personal data may be transferred abroad by the Company for the above-mentioned purposes;

• In case there is data holder’s explicit consent or
• In case there is no data holder’s explicit consent but one or more terms above is met
• In case there is sufficient protection in countries where data is transferred
• In case that there is not sufficient protection in the country where the data is transferred, it can be transferred provided that our company undertakes in writing with the data controller in the relevant foreign country and that the permission of the Personal Data Protection Board is obtained.

VI. PROVIDING SAFETY AND CONFIDENTIALITY OF YOUR PERSONAL DATA

The company takes various technical and administrative precautions to:
» To raise awareness of employees by conducting various training activities on the subject of personal data protection,
» To act in accordance with requirements of personal data policy,
» In cases where personal data transfer is in question, to ensure adding a record to the contracts concluded with the persons to whom the personal data is transferred, indicating that the party to which the personal data is transferred will fulfill the data security,
» For the preparation of personal data inventory by the Company except exemptions,
» To protect physical environments containing personal data against external risks with appropriate methods and to control the entrances and exits to these areas,
» To have personnel who have specialty in technical issues for the data processed in electronical media and to use various software and programs to protect these,
» To conduct data backup works,
» To audit for the implementation of precautions taken,

to prevent illegal processing and accessing the personal data processed and to ensure data protection, in accordance with article 12 the law on protection of personal data.

VII. ACCESS TO PERSONAL DATA AND YOUR RIGHTS UNDER THE LAW ON PROTECTION OF PERSONAL DATA

In accordance with Article 11 the law on protection of personal data, the data owner has the following rights:

• To learn whether personal data has been processed,
• To request personal information if personal data is processed,
• To learn the purpose of processing personal data and whether they are used appropriately,
• To know the third parties in which personal data is transferred at home or abroad,
• To request the correction of personal data in case of incomplete or incorrect processing, and request that the transaction made in this scope be notified to third parties where personal data is transferred,
• Although it has been processed in accordance with the Law No. 6698 and other relevant provisions of the law, to request the deletion or destruction of the personal data in case the reasons requiring the processing of the data to be eliminated and request that the transaction made in this scope be notified to the third parties where the personal data is transferred.
• To object to the emergence of a result against the individual by analyzing the processed data exclusively through automatic systems,
• To demand the loss, if there is loss due to the unlawful processing of personal data.

VIII. YOUR REQUEST ON YOUR PERSONAL DATA

You are required to send documents identifying your identity and with a wet signature to the address "D-100 Karayolu No:26/1 Safi Espadon Kule Kartal/Istanbul" by registered letter with return receipt or notary public in accordance with the article 13 of the law on the protection of personal data, your requests regarding your rights specified in this policy, except for the exceptions listed in the article 28 of the law on the protection of personal data.

The relevant person must clearly and comprehensibly state the matters requested in the application, which includes explanations regarding the right to be exercised and requested to use the above-mentioned rights.

The company shall conclude your request free of charge within the shortest time following the receipt of relevant documents and 30 (thirty) days of at the latest. The company shall not charge up to ten pages if the requests will be responded in written and reserves the right to charge a fee based on the fee schedule stipulated by the legislation for responses over ten pages. If the response to the application is given in a recording medium such as a CD or flash memory, the Company may charge a fee equal to the cost of the recording medium from the requesting data owner.

Pursuant to Article 14 of the Law on the Protection of Personal Data, in cases where the application is rejected, the response is found insufficient, or the application is not answered in due time, the personal data owner can complain to Board within 30 (thirty) days from the date of learning of the Company's response and within 60 (sixty) days from the application date in any case. It is not possible to apply to the complaint procedure without exhausting the application method. Along with all these, the Company states that it reserves the right of updating in cases when legal regulations and legitimate interests in this policy.

Download KVKK Information Request Application Form