PDPL

LIGHTING TEXT

(within the scope of article 10 of KVKK)
A.

Your Personal Data Exit Dokuma San. ve Tic. Ltd. Ltd. Şti by La Mer Deluxe business (during accommodation services). The text of the clarification is mandatory within the scope of the Law on the Protection of Personal Data No. 6698.

B.

Data controller Exit Dokuma San. ve Tic. Ltd. Şti. The address of the data controller is DOSAB Mustafa Karaer Cad. Sarmaşık Sok. No.8 Osmangazi – BURSA. These addresses will be used to exercise the rights of the data controller in Article 11 of the KVKK.

C.

Exit Dokuma San. ve Tic. Ltd. We are operating within the scope of the marina services contract you have made with the La Mer Deluxe business operating within the body of Sti. The data we need for the establishment and continuation of the contractual relationship are listed below and these data are;

  • Manage and complete reservation, transportation, payment, settlement processes,
  • To be able to communicate,
  • To provide information about our products, campaigns, promotions,
  • To provide you with customized services,
  • Analyze,
  • To ensure the legal and commercial security of our company and those who have a business relationship with our company,
  • Organizing administrative operations,
  • To ensure the physical security and control of the departments of the company,
  • Use in partner/customer/supplier evaluation processes,
  • Determine and implement our company's commercial business strategies,
  • To ensure the execution of our company's human resources policy,
  • Fulfilling the legal obligations determined by the relevant legislation and providing information,
  • To ensure the management and safety of the marina,
  • Establishing the boat mooring contractual relationship and ensuring the continuation of the contractual relations,

It is collected and processed for its purposes.

In order to manage accommodation services, we need to process the following data:

For accommodation service,

  • Credentials
  • Contact Information (Address, phone number, e-mail, )
  • Vehicle License Plate Number (For Parking Lot)
  • Your personal data is recorded. Your data defined above is requested and processed by you within the framework of the contractual relationship.
D.

Your personal data, collected and processed as stated above, may be transferred between data controllers and data processors, between data processors, accommodation facilities, within the scope of mandatory notifications arising from the law and the request of public institutions and organizations (Police Directorate, judicial authorities, relevant Ministry). The purpose of the transfer is that your personal data is necessary within the framework of the contractual relationship, the execution of the services, the fulfillment of the issues in the collection purposes listed in article C.

There is no transfer of data abroad in our facility.

E.

Our facility is monitored with camera records for your safety and the camera records are renewed periodically every 15 days. On request, only the records for 15 days prior to the request date can be accessed. Camera recordings are not recorded on any data or server. Areas monitored by the camera are indicated with warning signs.

F.

As a data collection method, the establishment and management of the contractual relationship and within the framework of the legal reasons specified in article C and in line with the request of the relevant public institutions and organizations, filling your reservation information either from our website or directly through the application, submitting the information and documents requested by you in line with our request, methods of obtaining via e-mail and telephone are used.

G.

The person whose personal data is processed can use the rights numbered in Articles 11 and 7 within the scope of Law No. Please visit www.suitelamer.com for information. To learn about the methods of deletion of your data, take a look at our policy titled "Personal Data Protection Policy" at www.suitelamer.com for detailed information about our data deletion, destruction, anonymization policy.

PERSONAL DATA PROTECTION POLICY

A. GENERAL INFORMATION

The protection of your personal data is very important for our accommodation business and a high level of sensitivity is shown for the protection of your data. Apart from the data we process and need within the framework of the contractual relationship, your data is stored in a secure environment in order to provide you with a better quality service and to establish the special standards we have stated below.

Your personal data pursuant to the International Convention on the Protection of Individuals Against the Automatic Processing of Personal Data, 96/45/EC directive, GDPR (General Data Protection Regulation) and Personal Data Protection Law No. 6698, which was published in the Official Gazette on 07.04.2016 and entered into force. is among the values and policies that our company attaches importance to in the corporate sense. The aim is to protect the privacy of your private life, the fundamental rights and freedoms of individuals, and to inform you about the procedures and principles that natural and legal persons processing personal data must comply with. According to Article 20 of the Constitution of the Republic of Turkey, all natural persons have the right to demand the protection of their personal data. Regarding the protection of personal data, which is a constitutional right, Exit Dokuma San. ve Tic. Ltd. Şti's La Mer Deluxe business is managed with this policy, necessary care is taken to protect your personal data and all measures are taken.

According to Article 7 of the Law on the Protection of Personal Data No. 6698 and the Regulation on the Deletion, Destruction or Anonymization of Personal Data, the data controller is responsible for keeping your personal data for a certain period of time, deleting, destroying and anonymizing your personal data upon request or ex officio. responsible for making it. The retention, deletion, destruction and anonymization periods and administrative/technical measures and related methods are specified in our policy.

B. BASIS

This text has been prepared in accordance with the Law on Protection of Personal Data No. 6698, Regulations and Communiqués.

C. DEFINITIONS

Data Controller: Exit Dokuma San. ve Tic. Ltd. Şti, determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

  1. Personal Data: Any information that identifies or makes it identifiable.
  2. Relevant Person: Natural person whose personal data is processed
  3. Board : Personal Data Protection Board
  4. Application: Application made within the scope of Article 13 of the Law (Application form is attached.)
  5. Registered Electronic Mail Address (KEP): The qualified form of electronic mail that provides legal evidence regarding the use of electronic messages, including sending and delivery,
  6. Secure Electronic Signature: It refers to the electronic signature that is created with the secure electronic signature creation tool, which is solely dependent on the signer and is only at the disposal of the signer, enables the identification of the signer based on the qualified electronic certificate, and enables the determination of whether any changes have been made to the signed electronic data afterwards.
D. DATA SPEAKER

Data controller Exit Dokuma San. ve Tic. Ltd. Şti(VKNO: 3810427773) (La Mer Deluxe Villa).

E. WHY DO WE PROCESS YOUR PERSONAL DATA? WHICH PERSONAL DATA DO WE PROCESS?
  • Manage and complete reservation, transportation, payment, settlement processes,
  • To be able to communicate,
  • To provide information about our products, campaigns, promotions,
  • To provide services to you by customizing
  • Analyze,
  • To ensure the legal and commercial security of our company and those who have a business relationship with our company,
  • Organizing administrative operations,
  • To ensure the physical security and control of the departments of the company,
  • Use in partner/customer/supplier evaluation processes,
  • Determine and implement our company's commercial business strategies,
  • To ensure the execution of our company's human resources policy,
  • Fulfilling the legal obligations determined by the relevant legislation and providing information
  • To provide accommodation management and security,

In order to;

For accommodation service,

  • Credentials
  • Contact Information (Address, phone number, e-mail, )
  • License Plate Number (for parking use)

Your personal data is recorded. Your data defined above is requested and processed by you within the framework of the contractual relationship.

F. CAMERA RECORDING

Our facility is monitored with camera records for your safety and the camera records are renewed periodically every 15 days. On request, only the records for 15 days prior to the request date can be accessed. Camera recordings are not recorded on any data or server. Areas monitored by the camera are indicated with warning signs.

G. PROVISIONS ON DATA SECURITY.

The data controller is responsible for ensuring the security of the data and ensures that the data is processed in accordance with the following issues.

  • Processing personal data in accordance with the law and honesty rules,
  • Keeping personal data up to date with correct and appropriate periods,
  • Processing personal data for specific, explicit and legitimate purposes,
  • Processing personal data in connection with the purpose for which they are processed, limited and measured,
  • Preserving personal data for as long as required by the relevant legislation or for the purpose for which they are processed,
  • To enlighten and inform personal data owners,
  • To establish the necessary system for personal data owners to exercise their rights,
  • To take the necessary measures in the protection of personal data,
  • To act in accordance with the relevant legislation and KVK Board regulations in the transfer of personal data to third parties in line with the requirements of the processing purpose,
  • To show the necessary sensitivity to the processing and protection of sensitive personal data.
H. TRANSFER OF PERSONAL DATA.

There is no data transfer abroad at our facility.

I. WHAT IS THE METHOD OF COLLECTING YOUR PERSONAL DATA AND WHAT IS THE LEGAL REASON?

Your personal data for the purposes specified in article B above and within the scope of personal data processing conditions and purposes specified in Articles 5 and 6 of the KVKK No. 6698; All kinds of data kept in written, verbal and electronic media are stored both during the reservation and sales process and after entering the facility, and your personal data is archived by taking all necessary security measures, by the data controller or the person authorized by the data controller, in the files to be opened on your behalf. In the processing of your sensitive personal data, in addition to the security measures taken by us, the measures determined by the Personal Data Protection Board are also meticulously fulfilled.

J. RIGHTS OF REAL PERSONS whose PERSONAL DATA IS PROCESSED

Everyone, by applying to the data controller;

  1. Learning whether personal data is processed,
  2. Request information on personal data if it has been processed,
  3. Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
  4. Knowing the third parties to whom personal data is transferred at home or abroad,
  5. To request correction of personal data in case of incomplete or incorrect processing,
  6. To request the deletion or destruction of personal data under the conditions stipulated in the law,
  7. To request that third parties to whom personal data have been transferred be notified of these transactions, in cases where the personal data needs to be processed incompletely and incorrectly, personal data deleted or destroyed,
  8. Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automated systems,
  9. He/she has the right to request the compensation of the damage in case of loss due to unlawful processing of personal data.

To use your rights mentioned above, with your clear identity information and the explanations about your right you want to use in a clear and clear language, you can send it to DOSAB Mustafa Karaer Cad. Sarmaşık Sok. We kindly request you to send it to our address No.8 Osmangazi – BURSA with wet signature or with a secure electronic signature to our e-mail address info@suitelamer.com. The applications you have made must be solely your own. For applications to be made on behalf of someone else, your legal documents showing that you represent the applicants must be attached to the application petition. Applications made within this scope will be returned to you within 30 days at the latest. The applications in question are completely free, but if the process requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board may be charged. You can visit www.kvkk.org.tr for the tariff.

K. MEASURES TO BE TAKEN BY DATA SPECIALIST.

Adequate precautions to be taken by the data controller when processing data are as follows:

  • Determining a separate policy and procedure regarding the security of sensitive personal data,
  • Providing regular training for employees involved in the processing of data in the category of special personal data, making confidentiality agreements, defining access authorizations,
  • In case of keeping personal data of special nature in electronic environment, keeping it encrypted and logging all transaction records performed on the data,
  • Taking adequate security measures (fire, flood, flood, theft, etc.) and keeping entrances and exits under control, in case sensitive personal data is stored in physical environments,
  • Even if there will be a transfer of sensitive personal data, this transfer is encrypted and using secure transfer methods.
L. DATA DISPOSAL SCHEDULE and ANONYMIZATION
DATA STORAGE PERIOD DISTRICATION METHOD
For accommodation service,

Credentials

Contact Information (Address, phone number, e-mail, )

Vehicle License Plate Number (For Parking Lot)

Cannot be processed without the explicit consent of the person concerned. If there is explicit consent, the retention period is 10 years.

If there are some regulations in the law, it can be processed without explicit consent.

Storage time max. 10 years.

Masking, Blackening, Anonymizing, Destroying, Destroying
Name-Surname, Identity Document, Passport, Identity number, Tax number, Max. 10 years Extraction and data preparation / sampling generation, Anonymization
M. ADMINISTRATIVE AND TECHNICAL MEASURES TAKEN FOR DATA STORAGE

Exit Dokuma San. ve Tic. Ltd. Şti will process, use and disclose your personal data only for the purposes it has disclosed.

Contracting must be required by law or by competent government and judicial authorities, necessary to defend, or present a legal claim, necessary to prevent deliberate attacks on the La Mer Deluxe digital security system, fraud or illegal activity.

/p>

All computers in our facility are protected by Antivirus program and higher security antivirus programs are used on our server computers to protect your personal data.

Your data is stored in physical and digital environment. Your data stored in the digital environment is masked and stored in the physical environment, and only the data controller and, when necessary, the data processor has limited access to your data.

Fields where your data is stored:

  • Unit cabinets
  • Archive Cabinets
  • File Server
  • Firewall
  • Printer Interface
  • Switchboard Device
  • Virtual Backup Area
  • Hotspot

Our IT unit works for the security of our data storage program that keeps your data in a safe environment, and our program is updated every day against all external attacks and interface maintenance is carried out.

When your data is requested by the relevant units, the IT unit makes it possible to share on a limited basis and only the data processors are allowed for the required period of time. Password changes are made periodically and the passwords of data processors who leave the job are also canceled on the same day.

Your personal data, whose retention period has expired, is anonymized and destroyed.

In our facility, secure internet conditions are provided with different networks, Firewall and Hotspot. According to 5651 law, all your inputs and outputs are stored with log records.

CUSTOMER DATA SPEAKER

Exit Dokuma San. ve Tic. Ltd. Ltd.

PERSONAL DATA STORAGE AND DISPOSAL POLICY

Within the scope of the Law on Protection of Personal Data No. 6698 and the Deletion, Destruction or Anonymization of Personal Data, we would like to inform the data subjects, whose personal data we process, how long their data is kept in our system and about the destruction conditions and durations. Data controller Exit Dokuma San. ve Tic. Ltd. Sti and its business La Mer Deluxe, the destruction policy will be applied.

Definitions

Recipient Group: The category of natural or legal person to whom personal data is transferred by the data controller,

Explicit Consent: Consent on a specific subject, based on information and expressed with free will.

Data Processor: Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for technical storage, protection and backup of the data.

Data Registration System: The registration system in which personal data is processed and structured according to certain criteria.

VERBIS: Data Controllers Registry Information System.

Destruction: Deletion, destruction or anonymization of personal data.

Recording Medium: Any medium containing personal data that is fully or partially automated or processed non-automatically, provided that it is a part of any data recording system.

Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28 October 2017.

Policy: Personal Data Retention and Disposal Policy

Personal Data: Any information relating to an identified or identifiable natural person.

Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing personal data completely or partially automatically or non-automatically provided that it is a part of any data recording system All kinds of operations performed on data such as transferring, taking over, making it available, classifying or preventing its use.

Anonymization of Personal Data: Making personal data impossible to associate with an identified or identifiable natural person under any circumstances, even by matching with other data.

Deletion of Personal Data: Deletion of personal data; making personal data inaccessible and non-reusable for the relevant users.

Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and reusable by anyone.

Board:Personal Data Protection Board.

Periodic Destruction:The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in the event that all of the personal data processing conditions in the Law are eliminated.< /p>

Data Owner/Relevant Person: Natural person whose personal data is processed.

Personal Data Inventory: Personal data processing activities carried out by data controllers depending on their business processes; The inventory, which is created by associating the personal data processing purposes and legal reason, data category, the transferred recipient group and the data subject group, by explaining the maximum storage period required for the purposes for which personal data is processed, the personal data foreseen to be transferred to foreign countries and the measures taken regarding data security.

Processing of Personal Data: Obtaining, recording, storing, storing, changing, rearranging, disclosing personal data completely or partially automatically or non-automatically provided that it is a part of any data recording system, all kinds of operations performed on data such as transferring, taking over, making it available, classifying or preventing its use.

Periodic Destruction : The deletion, destruction or anonymization process that will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in the event that all of the personal data processing conditions in the law are eliminated.

Principles

First of all, we would like to state that we, as a company, use a data storage method and tool that complies with the requirements.

* A destruction policy should not be adopted that is contrary to the law and regulations numbered 6698, 108+ agreements and the Decisions of the Personal Data Protection Board.

*Your personal data, which we collect in the areas specified in our personal data protection policy and in the clarification text, are recorded and stored in a secure area and are kept for at least 3 years, excluding our storage activities, in accordance with legal obligations.

*The Law and Regulation No. 6698 gave us the right to choose and manage the process of destruction of personal data. According to the type of personal data, the data controller will determine the destruction method himself. If the person concerned has a request, the appropriate method will be chosen by explaining the reason. Before destroying the data, the data controller will make a notification to the registered e-mail address or registered address of the data subject and will inform about the method by which the data will be destroyed.

*While personal data is being destroyed, necessary administrative and technical measures will be taken in this process. After disposal, it will be recorded and stored in a safe environment for at least 3 years. The provisions of the period to be kept due to legal obligations are reserved.

*Customer, employee candidate, employee, subcontractor and supplier data that are not active in our company will be destroyed immediately, except for the periods when they are kept in the law, and the information regarding the destruction and the method of destruction will be notified to the relevant person by an appropriate method.

*The person concerned will also be able to request the deletion of their data from the company. In this case, the company responds to the application within 30 days at the latest, and the groups to which the data is transferred will also be informed about the application and the data will be deleted if the deletion conditions are met. The person concerned will be given a reasoned response as to why the personal data that do not meet the deletion conditions are not deleted, and information will be given when it will be deleted.

Explanations on Reasons Requiring Storage and Disposal

Personal data of the person concerned,

  • Manage and complete reservation, transportation, payment, settlement processes,
  • To be able to communicate,
  • To provide information about our products, campaigns, promotions,
  • To provide services to you by customizing
  • Analyze,
  • To ensure the legal and commercial security of our company and those who have a business relationship with our company,
  • Organizing administrative operations,
  • To ensure the physical security and control of the departments of the company,
  • Use in partner/customer/supplier evaluation processes,
  • Determine and implement our company's commercial business strategies,
  • To ensure the execution of our company's human resources policy,
  • Fulfilling the legal obligations determined by the relevant legislation and providing information
  • To ensure the management and security of the villa,
  • Establishing the Villa Rental contractual relationship and ensuring the continuation of the contractual relations,

In order to;

For accommodation service,

  • Credentials
  • Contact Information (Address, phone number, e-mail, )
  • License Plate Number (for parking use)

Your personal data is recorded. Your data defined above is requested and processed by you within the framework of the contractual relationship.

For these reasons;

  • Storing personal data as it is directly related to the establishment and performance of contracts,
  • Storing personal data for the purpose of establishing, exercising or protecting a right,
  • It is obligatory to keep personal data for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of individuals,
  • Storing personal data for the Company to fulfill any of its legal obligations,
  • The legislation clearly stipulates the storage of personal data,
  • Explicit consent of data owners for storage activities that require explicit consent of data owners.

We are paying attention to their matters.

Your data ;

*If the storage period of your personal data has expired or the obligation has been removed due to changes in storage conditions due to legislation,

* The disappearance of the purpose of processing personal data,

* Elimination of the conditions requiring the processing of personal data in Articles 5 and 6 of the Law,

*Revoking the explicit consent of the data subject for personal data processed with the explicit consent of the data subject,

*Acknowledgment of the application made by the person concerned within the scope of Article 11 of the KVKK,

*In cases where the data controller rejects the application made by the data subject to the request for the deletion, destruction or anonymization of his personal data, his response is found insufficient or he does not respond within the time stipulated in the Law; By making a complaint to the Board and with the recommendation of the Board,

  • It will be deleted and destroyed if the maximum period for keeping personal data has passed.

Terms of Storage and Disposal

While determining the storage and disposal periods, the Company evaluates the following criteria within the scope of Law No. 6698 and Regulation:

*The period accepted as per the general custom in the relevant sector,

*The period during which the legal relationship established with the person concerned and necessitating the processing will continue,

*The period during which the legitimate interest of the data controller will be valid in accordance with the law and honesty rules,

*The period during which the risks, costs and responsibilities of storage will continue legally,

*Whether the maximum period to be determined is suitable for keeping the relevant data category accurate and up-to-date when necessary,

*Due to the legal obligation of the data controller, the period during which the personal data in the relevant data category has to be kept,

*Timeout period determined for asserting a right based on personal data.

Personal data whose retention period has expired is anonymized or destroyed in 6-month periods in accordance with the procedures set out in this Policy, taking into account the destruction periods. All transactions regarding the deletion, destruction and anonymization of personal data are recorded and these records are kept for at least 3 (three) years, excluding other legal obligations.

Technical and Administrative Measures Regarding the Storage and Disposal of Personal Data

Administrative Measures:

The company is within the scope of administrative measures;

  • Restricts internal access to the stored personal data to the personnel required to access it as per the job description. In limiting the access, whether the data is of special quality and its importance are also taken into account.
  • In case the processed personal data is obtained by others unlawfully, it notifies the person concerned and the Board as soon as possible.
  • Concerning the sharing of personal data, it shall sign a framework agreement on the protection of personal data and data security with the persons to whom personal data is shared, or ensure data security with the provisions added to the existing agreement.
  • Employs knowledgeable and experienced personnel about the processing of personal data and provides the necessary training to its personnel within the scope of personal data protection legislation and data security.
  • It carries out the necessary inspections in order to ensure the implementation of the provisions of the Law before its own legal entity and has it done. It fixes privacy and security vulnerabilities that arise as a result of audits.
  • It ensures that adequate security measures are taken (against electric leakage, fire, flood, theft, etc.) according to the environment where personal data is located, and prevents unauthorized entry and exit to these environments.

Technical Measures:

The company is within the scope of administrative measures;

With the penetration tests, the risks, threats, vulnerabilities and vulnerabilities, if any, regarding the information systems of our Institution are revealed and necessary precautions are taken. Risks and threats that will affect the continuity of information systems are taken as a result of real-time analyzes with information security event management.

*In order to ensure the security of information systems against environmental threats, hardware (access control system that allows only authorized personnel to enter the system room, 24/7 employee monitoring system, physical security of the edge switches that make up the local area network, fire extinguishing system, air conditioning system, etc.) .) and software (firewalls, attack prevention systems, network access control, systems that prevent malware, etc.) measures are taken.

*The risks to prevent the unlawful processing of personal data are determined, appropriate technical measures are taken against these risks, and technical controls are carried out for the measures taken.

*Reporting and analysis studies are carried out regarding access to personal data by establishing access procedures within the institution.

*Accesses to the storage areas where personal data are stored are recorded and inappropriate accesses or access attempts are kept under control. The Institution takes the necessary measures to ensure that the deleted personal data is inaccessible and reusable for the relevant users.

*In the event that personal data is obtained by others unlawfully, a system and infrastructure has been established by the Authority to notify the relevant person and the Board.

*Appropriate security patches are installed by monitoring security vulnerabilities and information systems are kept up-to-date.

* Strong passwords are used in electronic environments where personal data is processed.

*Secure record keeping (logging) systems are used in electronic environments where personal data is processed. Data backup programs are used to keep personal data safe.

*A separate policy has been determined for the security of sensitive personal data. Special quality personal data security trainings have been provided for employees involved in special quality personal data processing, confidentiality agreements have been made, and the authorizations of users who have access to data have been defined. Electronic environments where sensitive personal data are processed, stored and/or accessed are preserved using cryptographic methods. , cryptographic keys are kept in secure environments, all transaction records are logged, security updates of the environment are constantly monitored, necessary security tests are carried out regularly, the test results are recorded, the physical environments where sensitive personal data are processed, stored and/or accessed are adequately secured. measures are taken, physical security is ensured and unauthorized entries and exits are prevented. If sensitive personal data needs to be transferred via e-mail, it is encrypted with a corporate e-mail address or by using a KEP account.

*If it needs to be transferred via media such as removable memory, CD, DVD, it is encrypted with cryptographic methods and the cryptographic key is kept in a different environment. If transferring is carried out between servers in different physical environments, data transfer is carried out by establishing a VPN between servers or using the sFTP method. If it is required to be transferred via paper media, necessary precautions are taken against the risks such as theft, loss or viewing of the document by unauthorized persons, and the document is sent in a "confidential" format.

Duties and Powers of the Personal Data Protection Unit

Personal Data Protection Unit announces the Policy and other information regarding the Protection of Personal Data to the units and follows the developments of the units in this regard. Periodically plans the training processes and makes inspections. It follows the legislative changes related to the subject and ensures that the policy and texts are updated according to the legislation. Follows the Board decisions regularly.

Policy Enforcement, Violations and Sanctions

* This Policy will enter into force by being announced to all employees and will be binding on all business units, consultants, external service providers and anyone processing personal data as of its effectiveness.

*When there are violations of the policy, the relevant unit supervisor directly informs the data controller and the contact person appointed by the data controller and takes the necessary measures to ensure the implementation of the policy.

*Personal Data Protection Unit is also informed about the behavior contrary to the policy.

*Necessary action will be taken against those who violate the policy as soon as possible.

ANNEX-1 Personnel Title, Unit and Task List

APPENDIX-2 Table Showing the Periods of Retention and Destruction of Personal Data

Personal data will be kept for the periods specified in the table below, taking into account the issues specified in article 4 of the policy, and will be anonymized or destroyed at the end of the period:

Process Retention period Destruction time
Data stored under the Labor Law (eg performance records etc.) 5 years after termination of employment Within 6 months after the end of the retention period
Data collected within the scope of occupational health and safety legislation (health reports, etc.) 15 years after termination of employment Within 6 months after the end of the retention period
Data kept within the scope of SSI legislation 10 years after termination of employment Within 6 months after the end of the retention period
Documents that can be used in a claim/litigation regarding work accident/occupational disease 10 years after termination of employment Within 6 months after the end of the retention period
Data collected pursuant to other relevant legislation For the period stipulated in the relevant legislation Within 6 months after the end of the retention period
The relevant personal data is the subject of a crime within the scope of the Turkish Penal Code or other penal provisions During the statute of limitations Within 6 months after the end of the retention period
Customer data 10 years after registration Within 6 months after the end of the retention period

APPLICATION TO DATA SPEAKER GENERAL EXPLANATIONS

(within the scope of Articles 13 and 22 of KVKK)

A. YOUR RIGHTS REGARDING THE APPLICATION.

Within the scope of your rights specified in Article 11 of the Law, you can submit your requests in writing or by using the registered electronic mail (KEP) address, secure electronic signature, mobile signature or the electronic mail address previously notified to the data controller and registered in the data controller's system or for the purpose of application. You can forward it to the data controller through a software or application developed for the purpose.

KVKK art. Your rights under 11:

  • Learning whether personal data is processed,
  • Request information about personal data if it has been processed,
  • Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
  • Knowing the third parties to whom personal data is transferred at home or abroad,
  • Requesting correction of personal data in case of incomplete or incorrect processing,
  • To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,
  • To request that the transactions made pursuant to subparagraphs (d) and (e) be notified to third parties to whom personal data has been transferred,
  • Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automated systems,
  • Demanding the compensation of the damage in case of loss due to unlawful processing of personal data.

B. APPLICATION PROCEDURE

KVKK art. 13 and the application procedure in accordance with Article 5 of the Communiqué on the Procedures and Principles of Application to the Data Controller; It should be done in writing or by using a registered e-mail (KEP) address, a secure electronic signature, or an e-mail address previously notified and registered to our company.

Your application by our company will be answered in writing as soon as possible and within 30 days at the latest, from the date on which the notification is received or received by us. If your transaction requires a cost, the fee in the tariff determined by the Personal Data Protection Board is charged. Click for fee schedule.

C. ADDRESS TO APPLICATION / REGISTERED ELECTRONIC MAIL ADDRESS

Your application, Exit Dokuma San. ve Tic. Ltd. Sti's DOSAB Mustafa Karaer Cad. Sarmaşık Sok. No.8 Osmangazi – BURSA with wet signature or to info@suitelamer.com with a secure electronic signature. Except for these addresses. applications will not be accepted by our company.

D. APPLICATION

Name-Surname : TR Identity Number / Passport Number :

Address :

REM (E-MAIL) :

SUBJECT OF REQUEST :

APPENDIX DOCUMENTS :

E. RIGHTS SUBJECT TO THE APPLICATION.

Is My Personal Data Processed? KVKK m. 11/a
I want to be informed if my Personal Data is being Processed. KVKK m. 11 /b
For what purpose is my personal data processed and is it used for processing purposes? KVKK m. 11/c
With whom is my personal data shared at home and abroad? KVKK m. 11/c
I request my Personal Data to be updated. KVKK m. 11/d
I request deletion and anonymization / destruction of my personal data. KVKK m. 11/e
KVKK m. 11/f
I object to a result against me by analyzing my personal data exclusively through automated systems. I don't want it analyzed. KVKK m. 11/g