As a requirement of its legal and social responsibility, OKTAY CONSTRUCTION has accepted and committed to act in accordance with all legal regulations and international standards regarding data protection laws. OKTAY İNŞAAT (hereinafter referred to as the 'Company'), this is the basis of data protection, a business relationship with trust and the reputation of the Company.
This Personal Data Protection and Processing Policy covers the processing of all personal data together with the Clarification Text (statements made for the purpose of fulfilling the clarification obligation in data collection channels). Anonymized information for purposes such as statistical evaluations or reviews is not subject to this Data Protection and Processing Policy.
This Personal Data Protection and Processing Policy has been prepared in accordance with the Personal Data Protection Law No. 6698 dated 7 April 2016 (“KVKK”).
This policy; It concerns all personal data of our customers, potential customers, employee candidates, employees, employees, shareholders and officials of the institutions we cooperate with, and third parties, which are processed automatically or non-automatically, provided that they are part of any data recording system. This Personal Data Protection and Processing Policy issued by our company is dated 07 October 2016. In case of renewal of all or certain articles of the Policy, the effective date and version of the Policy will be updated. The policy is published on the official website of our Company and made available to the relevant persons upon the request of the personal data owners.
In the processing of personal data, the personal rights of the individuals concerned should be protected. Personal data must be collected and processed lawfully and fairly.
Personal data may only be processed for the purpose defined before the data was collected. Further changes are possible only to a limited extent and with justification.
The individual concerned should be informed about the use of their own information. Personal data is generally obtained directly from the individual concerned. When data is collected, the individual concerned should be aware of or be informed of the following items:
- Identity of the data controller and its representative, if any
- Purpose of processing personal data
- To whom and for what purpose the processed personal data is transferred or the categories of third parties
- Method and legal reason for collecting personal data,
- Rights of the person whose personal data is processed in accordance with article 11 of the KVKK
Before the processing of personal data, it is determined whether the processing is necessary to achieve the purpose and to what extent. Anonymous or statistical data are used when the purpose is acceptable and proportionate.
After the expiration of the legal or business process-related periods, including the record keeping obligations and the record keeping processes required for proof, the personal data that is no longer necessary is deleted, destroyed or anonymized.
The personal data in the file is kept up-to-date if it is accurate, complete and known. Appropriate measures have been taken by the Company to ensure that inaccurate or incomplete data is deleted, corrected, supplemented or updated.
Personal data is subject to confidentiality. It should be protected and kept confidential on a personal level by appropriate organizational and technical measures to prevent unauthorized access, illegal transactions, sharing, accidental loss, alteration or destruction.
The collection and processing of personal data will be carried out within the scope of the Clarification Text and the purposes stated below.
Personal data belonging to the customer (customer and potential customers) or business partner (if the business partner is a legal entity, business partner officer and employees) may be processed for the establishment, implementation and termination of a contract without further approval. Before the contract – personal data at the start of the contract; shopping mall and in this context, it can be processed for the purpose of ensuring customer safety, customer satisfaction, performance of contractual acts in accordance with the purpose and law, and meeting contractual demands. Data owners can be contacted in the light of the information they provide during the contract preparation process.
If the data owner requests information from the Company, his personal data may be processed to meet this request. Personal data is only processed for advertising or market and public opinion research if the purpose for which this information is collected is suitable for the said purposes. The data owner is informed that the information will be used for advertising purposes. In case the information is collected for advertising purposes only, data owners may not provide this information. The data subject is informed about his freedom to give his information for this purpose. The consent of the person is obtained for the processing of the data owner's information for advertising purposes. Within the scope of giving this consent, the data owner can choose between appropriate communication channels such as mail, e-mail or telephone. When the data owner does not allow the use of his information for advertising purposes, the data is no longer used for these purposes and is prevented from being used for these purposes.
Personal data may be processed without obtaining separate approval for the purpose of expressly stating the processing in the relevant legislation or fulfilling a legal obligation determined by the legislation. The type and scope of data processing must be necessary for the legally permitted data processing and must comply with the relevant legal provisions.
Personal data may also be processed without further approval when necessary for a legitimate interest of the Company. Legitimate interests are usually legal (eg, collecting debts) or economic (eg, avoiding breaches of contract).
Special categories of personal data are processed in the following cases, provided that adequate measures to be determined by the Personal Data Protection Board (“Board”) are taken: .
- Special categories of personal data other than the health and sexual life of the person concerned, in cases stipulated by law;
- Persons or authorized institutions and organizations that are under the obligation of confidentiality for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing processed by
In the absence of the above-mentioned data processing conditions, express consent is obtained from the data subject for data processing by the Company.
The processing of personal data used exclusively through automated systems to determine certain elements cannot be the sole basis for decisions that have negative legal consequences and negatively affect the person concerned. The person concerned has the right to object to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems. In order to prevent erroneous decisions, tests and reliability checks are carried out by the Company employee.
In the case of the collection, processing and use of personal data on websites or applications, the relevant persons should be informed about the privacy statement and, if necessary, about cookies. The privacy statement and cookie information are integrated in a way that can be easily identified, accessed directly and always appropriate for the person concerned. If usage profiles are created to evaluate the use of websites and applications, the person concerned is informed accordingly in the privacy statement. If websites or applications can access personal data in an area restricted to registered users, adequate protection is provided throughout the access, identifying and verifying the identity of the person concerned.
In business relations, personal data is processed without further approval, if necessary for the establishment, implementation and termination of the employment contract. The personal data of the candidates are processed when starting the business relationship. If the candidate is rejected, the information about the candidate is kept for the appropriate data retention period for a later selection stage, and at the end of this period, it is deleted, destroyed or anonymized
Personal data belonging to the employee may be processed without obtaining separate approval in order to clearly state the processing in the relevant legislation or to fulfill a legal obligation determined by the legislation.
Personal data belonging to the employee can be processed without obtaining further approval when a legitimate interest of the Company is required. Legitimate interests are usually legal (eg filing, exercising or defending legal rights) or economic (eg valuation of the company). Personal data are not processed for legitimate interest purposes in personal situations where the interests of employees need to be protected. Before the data is processed, it is determined whether there are interests that require protection. When the data of the employees are processed based on the legitimate interests of the Company, it is examined whether the processing is proportional. It is checked that the legitimate interest of the company in taking this control measure does not violate a right of the employee that needs to be protected, and it is applied only if it is measured.
Special categories of personal data are only processed under certain conditions. Data on racial and ethnic origin, political thought, religion, philosophical belief, sect or other beliefs, clothing, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive data. has been defined as. Special categories of personal data can be processed with the explicit consent of the employee. Explicit consent can be processed by taking the principles specified in this policy and the necessary administrative and technical measures, depending on the nature of the personal data of special nature. Special categories of personal data are processed in the following cases, provided that adequate measures to be determined by the Board are taken in cases where the employee's explicit consent is not available:
- Special categories of personal data other than the employee's health and sexual life, in cases stipulated by law,
- Private personal data regarding the health and sexual life of the employee can only be collected by persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. .
Telephone equipment, e-mail addresses, intranet and internet as well as intra-company networks are provided by the Company primarily for business-related tasks. These are work tools and Company resources. These tools must be used in accordance with legal regulations and Company internal regulations. There is no general supervision of telephone and email communications or intranet and internet use. In order to prevent attacks against IT infrastructure or individual users, protective measures are taken during transitions to the Company network, blocking technically harmful content or analyzing the modeling of attacks. Use of telephone equipment, e-mail addresses, intranet/internet and/or internal social networks is stored for a limited time for security reasons. Evaluations of these data regarding the individual are made only if there is a concrete suspicion regarding the violation of legal regulations. These controls are carried out by the relevant departments only on condition that the principle of proportionality is preserved.
The transfer of personal data to a third party outside the Company will be carried out within the scope of the purposes specified in the Clarification Text and the purposes stated below. The Company will be able to transfer personal data to the following persons and institutions for certain purposes;
- To the suppliers of our Company, on a limited basis, in order to ensure that the services that are outsourced by our company from the supplier and that are required to carry out the commercial activities of our Company are provided to our Company,
- To its affiliates, limited to ensuring the execution of commercial activities of our company that require the participation of affiliates,
- Legally Authorized public institutions and organizations, limited to the purpose requested by the relevant public institutions and organizations within their legal authority,
- To legally authorized private law persons, limited to the purpose requested by the relevant private law persons within their legal authority
Personal data by our company; It will only be transferred to foreign countries that have adequate protection by the Board after they are declared. For countries that are declared not to have sufficient protection; Personal data will be transferred in cases where data controllers in Turkey and in the relevant foreign country undertake in writing to provide adequate protection and where the Board has permission or where the data owner gives consent.
All data owners have the following rights. In case the data owner uses his rights and sends a request to the Company, the Company provides the necessary information; With this data privacy regulation, the Company informs the data owner about how the said right will be exercised and how the issues related to the information request will be evaluated.
- Learning whether personal data is processed or not,
- If personal data has been processed, requesting information about it,
- Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
- Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred
- Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing cease to exist despite the fact that it has been processed in accordance with the provisions of the KVKK and other relevant laws, and requesting the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
- Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems
- To request the compensation of the damage in case of loss due to unlawful processing of personal data
For the cases that are excluded from the scope of KVKK listed below, the persons concerned cannot claim their rights listed above in these matters, and therefore the Company is not under any obligation to fulfill the requests conveyed in this context:
- Processing personal data for purposes such as research, planning and statistics, by making them anonymous with official statistics.
- Processing of personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime.
- Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security.
- Processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution proceedings.
In accordance with KVKK, in the following cases, the persons concerned cannot claim their other rights, except for the right to demand the compensation of the damage, in the following situations:
- The processing of personal data is necessary for the prevention of crime or for criminal investigation.
- Processing of personal data made public by the personal data owner.
- The processing of personal data is required by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution based on the authority given by the law.
- The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.
Personal data owners can send their requests regarding the above-mentioned rights to Gayrettepe Mah. Barbaros Bulvarı Pınar Apt No: 163/10 Beşiktaş / İstanbul address, by registered letter with return receipt and by sending a photocopy of their identity card (only the front side photocopy for the identity card) to the Company. In order for a person other than the personal data owner to make a request, there must be a special power of attorney issued by the personal data owner on behalf of the person to apply.
Duly requests submitted to the company will be finalized within thirty days at the latest. In the event that the conclusion of the aforementioned requests requires an additional cost, the fee in the tariff determined by the Board will be collected from the applicant by the Company.
The company may request additional information from the data subject in order to determine whether the applicant is the owner of personal data, and may ask a question about the application of the personal data owner in order to clarify the issues stated in the application.
Personal data is subject to confidentiality. Employees are prohibited from collecting, processing or using data without permission. Unauthorized use is the unauthorized data processing performed by employees outside of their legitimate duties. Know principle applies: Employees can access personal data only if it is appropriate to the scope and nature of the task in question.
Employees are prohibited from using, distributing, or otherwise making available personal data for private or commercial purposes. Managers should inform their employees about their data protection obligations at the time of initiation of the employment relationship. This obligation continues after the termination of the employment relationship.
The Company takes the necessary measures and controls to ensure the appropriate level of security in order to prevent the unlawful processing of the personal data it processes, to prevent the illegal access to the data and to ensure the preservation of the data, and in this context, it makes or has the necessary inspections made. This applies regardless of whether the data processing is done electronically or in writing. Before starting new methods of data processing, especially in the transition to new IT systems, technical and organizational measures for the protection of personal data are identified and implemented. These measures are based on recent developments, the risks of the transaction and the need for data protection as determined by the information classification process. Technical and organizational measures for the protection of personal data are part of company information security management and are constantly adapted to technical developments and organizational changes.
Compliance with the Personal Data Protection and Processing Policy and KVKK is ensured by regular data protection audits and other controls. The company carries out or has had the necessary inspections done within its own body.
The Company implements this Personal Data Protection and Processing Policy or the system that ensures that the personal data processed in accordance with the KVKK is obtained by others illegally, and the relevant person and the Board are notified as soon as possible. If deemed necessary by the Board, this situation may be announced on the website of the Board or by another method.
- If personal data cannot be traced by anyone or personal identity can be recreated with an unreasonable amount of time, expense and labor, the data is considered anonymized.
-Data breaches are events where there is justified suspicion about the illegal capture, collection, alteration, copying, distribution or use of personal data. This may relate to third parties and individuals.
- The person concerned is the natural person whose personal data is processed.
- Special quality data includes data related to the person's race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric data. and genetic data.
- Personal data is any information that identifies a natural person or makes his/her identity identifiable. A person is identifiable if, for example, his personal relationship can be determined using a combination of information, even with possible additional information.
- Processing personal data, obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, of personal data fully or partially automatically or non-automatically provided that it is a part of any data recording system, It covers all kinds of operations performed on data such as classification or prevention of use.
Your personal information will only be used in line with service requirements, to access information specific to you or to contact you. This information will not be shared with third parties or published anywhere. Automatically Saved Information (Non-Personal Data) When you enter the website, general non-personal information (internet browser used, number of visits, average time spent on the site, pages viewed) is automatically recorded (separate from membership registration). This information is used to improve the overall quality of our site. Your information will not be further processed and forwarded to third parties. In this sense, with your consent, Oktay İnşaat Tur.İşl.San.ve Tic.A.Ş group companies, subsidiaries and affiliates, in accordance with the relevant provisions of the Personal Data Protection Law No. 6698 (“KVKK”). (including my phone, e-mail, address and other contact information) Oktay İnşaat Tur.İşl.San.ve Tic.A.Ş. It can be processed by group companies, subsidiaries and affiliates, used and shared limited to the purpose of processing within the scope of the relevant process, stored for the required period of time, subject to activities within the scope of electronic commerce legislation, and contacted via SMS, e-mail and call, and that you may be contacted when necessary. We would like to state that you have declared that the lighting has been done, that you have read and understood this text.
This Policy and all approvals and permits within the policy cover Oktay İnşaat Tur.İşl.San.ve Tic.A.Ş and even all their group companies, subsidiaries and affiliates; These data include electronic commerce activities that can be processed by all these companies and within the specified scope.
Commercial title: Oktay İnşaat Tur.İşl.San.ve Tic.A.Ş
Address: Gayrettepe Mah. Barbaros Bulvarı Pınar Apt No:163/10 Beşiktaş / İstanbuL
Mersis No: 0638-0281-8210-0010
Phone: +90 212 272 21 36
Resgitered e-mail address: email@example.com