LPPD

1. Data Controller

This information notice has been prepared by GİZİR AHŞAP İNŞAAT TURİZM SAN. TİC. A.Ş. (Address: Acıdere OSB Mah. Çanakkale Cadde No: 17 Sarıçam, ADANA – Mersis No: 0396062178600019, Tel: +90 (322) 394 43 40, e-mail: info@gizir.com) (the “Company”) in the capacity of data controller, pursuant to Article 10 of the Law No. 6698 on the Protection of Personal Data (“KVKK”) and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform.

This notice has been prepared for our esteemed visitors, customers, suppliers, business partners, and other relevant persons with whom we are in a commercial or business relationship.

All personal data shared with our Company may be processed lawfully, in connection with and limited to our activities and service purposes. Detailed provisions within the scope of this information notice can also be accessed in our Personal Data Processing and Protection Policy available on our website.

2. Definitions

– Personal Data: Any information relating to an identified or identifiable natural person.
– Processing of Personal Data: Any operation performed on personal data, wholly or partially by automatic means or by non-automatic means provided that it is part of a data recording system, such as obtaining, recording, storing, retaining, altering, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing its use.
– Recipient Group: The category of natural or legal persons to whom personal data is transferred by the data controller.
– Data Subject: The natural person whose personal data is processed.
– Data Recording System: Any environment in which personal data is processed wholly or partially by automatic means or by non-automatic means provided that it is part of a data recording system.
– Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

3. Personal Data and Purposes of Processing

Personal data that may be processed by our Company, provided that it is shared with us or deemed necessary, includes the following:

– Identity Data: Name, surname, Turkish ID number, signature, etc.
– Contact Data: Address, e-mail address, telephone number, etc.
– Physical Space Security: Entry-exit records, camera recordings, etc.
– Transaction Security: IP address, website log-in/log-out details, passwords, etc.
– Finance: Bank account details, etc.
– Professional Experience: Education status, profession, qualifications, certificates, etc.
– Personnel Records: Institution/organization and title information, personnel documents.
– Legal Transactions: Correspondence with judicial authorities, case files, etc.

Our Company processes your personal data for the following purposes: emergency management, information security, audits/ethics activities, access authorization, compliance with legislation, financial and accounting affairs, physical security, assignment processes, legal affairs, internal audit/investigation/intelligence activities, communication, human resources planning, business operations and monitoring, business process improvement, business continuity, logistics, procurement, after-sales support, sales, production and operations, customer relations, customer satisfaction, organization and event management, marketing analysis, advertising/campaign/promotion, risk management, archiving, contract management, strategic planning, request/complaint management, asset/resource security, supply chain management, wage policy, product/service marketing, operational security, investments, talent/career development, information to authorities, management processes, visitor records – all in accordance with Articles 5 and 6 of the KVKK.

4. Transfer of Personal Data

Our Company acts in compliance with the KVKK provisions regarding the transfer of personal data. Your personal data may be transferred to:

– Public authorities authorized under the applicable legislation (e.g. Personal Data Protection Authority, Ministry of Finance, Ministry of Customs and Trade, Ministry of Labor and Social Security, Information and Communication Technologies Authority, etc.);
– Real or legal persons responsible with us for ensuring data security (e.g. contracted service providers, business partners);
– Suppliers and service providers (law, tax, financial advisors, banks, etc.).

Personal data may also be transferred abroad under conditions stipulated in Articles 8 and 9 of the KVKK, provided that sufficient protection exists in the recipient country or, where such protection does not exist, adequate safeguards are ensured and the data subject retains the right to exercise their legal remedies.

5. Collection Method and Legal Grounds

Your personal data may be obtained through documents, forms, reports, and similar means transmitted to us by visitors, customers, suppliers, business partners, and relevant persons in the context of business relations; by non-automated means provided they form part of a data recording system; or by fully or partially automated systems.

The legal grounds for processing include:
– Explicitly stipulated by law;
– Necessity for the establishment or performance of a contract;
– Fulfillment of legal obligations;
– Necessity for the establishment, exercise, or protection of a right;
– Legitimate interests of the Company provided that fundamental rights and freedoms are not harmed;
– Explicit consent of the data subject, where required.

6. Rights of the Data Subject

Under Article 11 of the KVKK, you, as the data subject, have the following rights:

– To learn whether your personal data is processed,
– To request information if your personal data has been processed,
– To learn the purpose of processing and whether it is used appropriately,
– To know the third parties to whom data is transferred domestically or abroad,
– To request correction if data is incomplete or inaccurate,
– To request deletion or destruction of data within the framework of the legislation,
– To request notification of corrections/deletions to third parties,
– To object to adverse results arising solely from automated systems,
– To claim compensation in case of damages due to unlawful processing.

Applications can be submitted by filling in the Data Subject Application Form available on our website. Requests may be delivered in writing to our address at Acıdere OSB Mah. Çanakkale Cadde No: 17 Sarıçam, ADANA, or by e-mail to info@gizir.com, provided that the e-mail address has been previously notified to and registered with our Company’s systems.

Requests will be finalized within 30 days. Written responses may incur fees in line with the tariff set out in the legislation. If responses are provided in electronic media such as CD or flash memory, the cost of the medium may also be charged.

7. Amendments to the Notice

Our Company reserves the right to amend the provisions of this Information Notice at any time. Amendments shall take effect on the date they are published.

 

“This Privacy Policy has been prepared in accordance with the Turkish Law on the Protection of Personal Data (LPPD – Law No. 6698).”