KVKK
LIDER PETFOOD YEM SANAYİ VE TİCARET A.Ş. PROTECTION OF PERSONAL DATA
AND PROCESSING POLICY
Lider Petfood Yem Sanayi ve Ticaret A.Ş. The protection of personal data belonging to real persons with whom they are in contact within the business climate is required by the KVK Law. This policy text is a statement of intent describing the execution of the KVK Law.
meaning "business climate";
- Our current and potential supplies
- Our current and potential business partners
- Existing and potential dealer, authorized dealer, authorized service etc.
- Current and Potential customers
- Our current our current employees and employee candidates
- Our visitors,
- Employees of the ORGANIZATION (including the group of companies, if any) with which we cooperate, including financial advisers, certified public accountants, law offices and consultant firms, and,
- Are third parties
In this context, necessary administrative and technical measures are taken by the ORGANIZATION for the processing and protection of personal data in accordance with the Law No. 6698 and the relevant legislation.
In this Policy, the following basic principles adopted by the ORGANIZATION for the processing of personal data will be explained. Personal data:
- Obtaining and processing within the scope of malfunction,
- processing in accordance with the rules of law and honesty,
- keep data accurate and up-to-date when necessary,
- processing for specific, clear and legitimate purposes,
- relevant, limited and reputable for the purpose for which they are processed; processing,
- the purpose for which they are processed or processed in the relevant legislation; Storage for as long as necessary,
- informing and informing the owners,
- Creating the necessary infrastructure for the owners to exercise their rights
- Taking the necessary measures for its protection,
- detection and application of processing purposes, third; To act in accordance with the relevant legislation and KVK Board regulations,
- It is the special regulation of the processing and protection of personal data of special nature.
The main purpose of this Policy is to be clear about the personal data processing activity carried out by the INSTITUTION in accordance with the law and the systems adopted for the protection of personal data. to make announcements and to provide transparency by informing our “business climate”
This Policy; Our "business climate" It concerns all personal data that is processed automatically or non-automatically, provided that it is part of any data recording system.
This Policy, prepared by the ORGANIZATION, was put into effect on 04/01/2022.
This Policy is published on the INSTITUTION's website (www.liderpet.com.tr) and is accessible to the relevant persons upon the request of the personal data owners; It's the same.
INSTITUTIONAL Article 12 of the “KVK Law” in accordance with the personal data it processes;
- Preventing processing and unlawful accessing of data
- To ensure data protection
to ensure the appropriate level of security;
- Takes the necessary technical and administrative measures
- Makes and/or makes necessary inspections.
The ORGANIZATION, in order to ensure the legal processing of personal data,
- Cost,
- Time limit,
- The suitability of technology
takes precautions by keeping an eye on it.
The main technical measures taken by the INSTITUTION to ensure the legal processing of personal data are listed below:
- Personal data processing activities carried out within the body of the INSTITUTION established for this purpose; structure, operation and competencies (by knowledgeable personnel, software and hardware) are audited.
- Technical measures taken are periodically taken; It is reported to the authorized person appointed in accordance with the audit mechanism.
- Existing departments and knowledgeable (competent) personnel work together on technical issues.
Administrative measures taken by the INSTITUTION for the legal processing of personal data:
- INSTITUTION “business climate” are informed and trained on the law of personal data protection and the legal processing of personal data.
- All personal data processing activities carried out by the INSTITUTION; It is carried out in accordance with the personal data inventory (modeled in detail by analyzing all business units) and its annexes.
- The personal data processing activities carried out by the relevant departments of the INSTITUTION have been linked to written policies and procedures by the INSTITUTION. The issues that the relevant departments should pay attention to regarding the activities they are carrying out have been determined, they have been informed and their responsibilities have been communicated to them.
- The control and management of the departments regarding personal data security is organized by the Data Controller. Necessary administrative and technical measures on a business unit basis are implemented through internal policies, procedures and trainings.
- The service contracts and related documents between the INSTITUTION and the employees, including information about personal data and data security, are recorded and additional protocols are made.
The ORGANIZATION, by negligence or unauthorized persons;
- Explanation
- Access
- Transfer
- Have data leaks
- or any other unlawful access
Takes technical and administrative measures to prevent it.
The main technical measures taken by the INSTITUTION to prevent unlawful access to personal data are listed below:
- New technological developments are tried to be implemented by observing the balance of stability/benefit/burden. In the field of cyber security, technical measures are taken on systems, and the measures taken are periodically updated and renewed.
- Access and authorization technical solutions are put into use within the framework of legal compliance requirements determined for each department.
- Access authorizations are limited and authorizations are reviewed regularly. Application software and system access accounts of the users leaving the job are closed.
- Technical measures taken in accordance with the functioning of the INSTITUTION are reported to the relevant users, the risky issues are re-evaluated and the necessary technological solution is produced.
- Software and hardware including virus protection systems and firewalls are used.
- We employ personnel who are knowledgeable in technical matters, and outsource services, if necessary, through contracts that undertake the subjects ordered by the KVKK.
- In order to detect security vulnerabilities in applications where personal data is collected, applications are regularly subjected to external impact testing, and the gaps found according to the results of this test are closed.
- Related personnel who are employed at dealers and authorized services within the organization and process personal data are trained on administrative measures taken to prevent unlawful access to personal data.
- Within the INSTITUTION, the access and authorization processes to personal data are applied on a departmental basis, taking into account the personal data processing processes.
- The scope of the personal data processing activity in accordance with the law is explained in the contracts signed between the INSTITUTION and the employees and there are commitments to act accordingly
- The CONTRACTS concluded by the INSTITUTION with the persons to whom the personal data is transferred in accordance with the law; Provisions are added that the persons to whom personal data are transferred will take the necessary security measures for the protection of personal data and ensure that these measures are complied with in their own institutions.
The ORGANIZATION has a Data Controller. On behalf of the INSTITUTION, which is the Data Controller, it performs the necessary audits in person in order to ensure the implementation of the provisions of the Law in its own institution or organization, in accordance with its duty arising from Article 12 of the Law, and if necessary; In case of need, it can be done by getting support from competent institutions. According to the results of this audit, detected violations, negativities and non-compliances are reported to the board of directors and the board of directors takes the necessary measures regarding these issues. In the case of outsourcing due to technical requirements regarding the storage of personal data, in the contracts concluded with the relevant companies to which the personal data is transferred in accordance with the law; It is stated that the persons to whom personal data are transferred will take the necessary security measures for the protection of personal data and that these measures will be complied with in their own organizations.
The INSTITUTION, as the data controller, in accordance with Article 13 of the KVK Law, follows the Data Owner Application Procedure has been created. Technical preparations have been made in order to carry out the necessary actions in accordance with this procedure. There is a systemic infrastructure to ensure the implementation of this procedure within the ORGANIZATION.
Demands of personal data owners regarding their rights listed below; To use the e-mail address registered in the ORGANIZATION's system, with a personal application with the presentation of identity, or in writing or in writing or with a registered e-mail (KEP) address, secure electronic signature, mobile signature or the e-mail address previously notified to the ORGANIZATION by the relevant person. In case they transmit their identity in a way that can be confirmed by the ORGANIZATION by means of a software or application developed for the purpose of application, FOUNDATION; according to the nature of the request the request is passed; will reply free of charge within thirty days.
However, if the application of the person concerned is to be answered in writing, a handling fee of 1 Turkish Lira will be charged for each page exceeding ten pages. If the response to the application is given in a recording medium such as a CD or flash memory, a fee equal to the cost of the recording medium may be charged.
Personal data owners; With the application they make in accordance with this procedure, they will be able to claim all the rights in the relevant article of the law, including all processing processes, purposes and transfer information of their personal data.
With the KVK Law, special importance has been attributed to certain personal data due to the risk of causing victimization or discrimination when processed unlawfully. These data are;
- race, ethnicity,
- political thought, philosophical belief, religion, sect or other belief,
- dress and dress,
- association, foundation or union membership, health,
- sex life,
- with data on criminal convictions and security measures
- Biometric and genetic data.
The physical files containing the personal health data of the employees, which are physically stored in the health files, are locked and stored in areas accessible only to the infirmary personnel. Access to the health data of the employees is blocked, except for the relevant personnel.
- TRAINING OF CLIENTS, DEALER AND AUTHORIZED SERVICE CLIENTS ON THE PROTECTION AND PROCESSING OF PERSONAL DATA
The ORGANIZATION has taken part in the "business climate" in order to increase awareness to prevent unlawful processing of personal data, illegal access to data, and to ensure data protection. Information or online/offline trainings are provided to the relevant persons.
The ORGANIZATION, in accordance with Article 20 of the Constitution and Article 4 of the KVK Law, regarding the processing of personal data; in accordance with the law and the rules of honesty, correct and up-to-date when necessary; for specific, clear and legitimate purposes; purpose-related, limited, and mutually exclusive engages in the processing of personal data in some way. The ORGANIZATION maintains personal data for as long as required by law or for the purpose of processing personal data. The ORGANIZATION is open to its customers, employees, dealers and authorized service personnel, visitors, suppliers and third-party employees. personal information of individuals; (identification information (name, surname, TR identity number, gender, age, date of birth,) contact information (e-mail address, telephone number, address information, IP address), vehicle characteristics, license information, chassis information, each Personal data such as usage habits of various types, preferences on the vehicle, taste and user habits, occupational data, visual and auditory data, education data, family members data, health data are processed and these data are processed. While processing, enabling the personal data owners listed here to benefit effectively from the goods and services of the INSTITUTION, to improve the diversity of products and services, and to provide data-driven technological development and innovation in vehicles, "the best service is the best" for you. In addition to providing services with the "product" principle and being informed about marketing, promotions and innovations as a result of these services, the performance of the contracts, the performance of the work It operates within the framework of financial/legal/commercial obligations.
The ORGANIZATION enlightens the data owners in accordance with Article 10 of the KVK Law and requests their consent in cases where consent is required; processes this personal data on the basis of the following criteria.
INSTITUTION; acts in accordance with the principles brought by legal regulations and the general rule of trust and honesty in the processing of personal data. In accordance with the principle of compliance with the rule of honesty, the INSTITUTION takes into account the interests and reasonable expectations of the persons concerned while trying to achieve its goals in data processing.
Keeping personal data accurate and up-to-date is necessary for the INSTITUTION to protect the fundamental rights and freedoms of the person concerned. The active obligation of the ORGANIZATION to ensure that personal data is accurate and up-to-date when necessary; It exists. For this reason, all communication channels are open for the INSTITUTION to keep the information of the data owner accurate and up-to-date.
The ORGANIZATION clearly and precisely determines the legitimate and lawful purpose of processing personal data. The ORGANIZATION processes personal data in connection with its commercial activity and as necessary for these.
The ORGANIZATION operates within the scope of its field of activity and necessary for the conduct of its business. For this reason, the ORGANIZATION processes personal data in a way that is suitable for the realization of the determined purposes and is not related to the realization of the purpose or is not needed. avoids the processing of unheard personal data. For example; No personal data processing activities are carried out to meet the needs that may arise later.
- Purpose for which they are processed or processed in the Relevant Legislation; Conservation For The Time Required
The INSTITUTION can only use personal data for the purpose specified in the relevant legislation or for which they are processed. It preserves it for the required time. In this context, the ORGANIZATION first determines that there is no foreseeable period for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period, if a period has not been determined, the purpose for which personal data is processed; It keeps it for the period required for and specified in the PERSONAL DATA INVENTORY. The ORGANIZATION is based on the storage periods in the personal data inventory, and at the end of the periods specified here, personal data is deleted or destroyed within the scope of the obligations under the Law, depending on the nature and purpose of use of the data. or anonymized
- PROCESSING OF DATA COLLECTED BY THE INSTITUTIONAL DEALERS AND AUTHORIZED DEALERS BY THE ORGANIZATION
The ORGANIZATION enters into a contractual relationship with DEALERS and AUTHORIZED SELLERS within the scope of its activities. In this context, the personal data of a significant part of the CUSTOMER's customers, the obligation to inform the data owner real persons through Dealers and Authorized Services. It is provided by fulfilling and obtaining consent and transferred to the ORGANIZATION. In order to carry out the work, this data can be processed by both the INSTITUTION, DEALERS and AUTHORIZED SELLERS. In the event that the relationship regarding personal data sharing between the ORGANIZATION and the DEALER and AUTHORIZED SELLER is carried out in the form of personal data transfer from the data processor to the data controller within the scope of the KVK Law, the relevant DEALER or AUTHORIZED SELLER shall notify the person at the stage of collecting the personal data of the person concerned, that these personal data are transferred to the INSTITUTION. It clarifies that it can be. The ORGANIZATION evaluates the collection of personal data on its own behalf, informs the DEALERS and AUTHORIZED SELLER in this regard, provides the necessary training and ensures that the contracts prepared in line with the KVKK, which regulates the rights and obligations of the parties, are signed.
INSTITUTION; In accordance with Article 10 of the KVK Law, it enlightens the Personal Data Owners during the acquisition of personal data. In this context, the INSTITUTION will inform the data owner about the identity of the data controller, the identity of its representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method of collecting personal data and the rights of the personal data owner for legal reasons. It illuminates according to its nature and data processing process. In this context, LIGHTING texts have been placed at dealers and authorized services in areas that customers can easily see. Along with this policy on the INSTITUTIONAL websites;
- customer disclosure text,
- Cookie policy,
- application form
Posted in
.
The ORGANIZATION can transfer the personal data and sensitive personal data of the personal data owner to third parties by taking the necessary security measures in line with the personal data processing purposes in accordance with the law. by the ORGANIZATION; Personal data can be transferred to foreign countries that are declared to have sufficient protection by the KVK Board or, in the absence of sufficient protection, to foreign countries where data controllers in Turkey and the relevant foreign country undertake in writing to provide adequate protection and where the permission of the KVK Board is available. The reasons for the transfer are explained below:
- If there is a clear regulation in the law regarding the transfer of personal data,
- If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
- The legal obligation by the ENTERPRISE; If personal data transfer is mandatory in order to fulfill it
- If personal data transfer is necessary for the establishment, exercise or protection of a right,
- If personal data transfer is mandatory for the legitimate interests of the INSTITUTION, provided that it does not harm the fundamental rights and freedoms of the personal data owner.
By the ORGANIZATION; In line with the legitimate and lawful personal data processing purposes by the INSTITUTION, based on and limited to one or more of the personal data processing conditions specified in Article 5 of the KVK Law, in particular the principles set forth in Article 4 regarding the processing of personal data. In accordance with the general principles set forth in the KVK Law and all obligations regulated in the KVK Law, personal data owners within the scope of this Policy (Customers from Dealers and Authorized Services; Personal data in the following categories, limited to (Customers, Employees, Visitors, Third Persons, Employee Candidates, Employees of the Institutions We Collaborate with, Affiliates of the ORGANIZATION Group), data subjects It is processed by being informed.
The INSTITUTION has created a personal data inventory in accordance with the Regulation on the Registry of Data Controllers issued by the Personal Data Protection Authority. This data inventory includes data categories, data source, data processing purposes, data processing process, Recipient groups to which data is transferred, and retention periods. In this context, the following types of data categories exist within the ORGANIZATION, although not limited to these types.
PERSONAL DATA CATEGORIZATION | INSTITUTION KVKK DATA STORAGE AND DISPOSAL PROCEDURE |
Contact Data | This is the data group that can be used to reach the person (Phone, address, e-mail, Fax number, IP address,). |
Identity Data | This is the data group that contains information about the person's identity (Name, surname, TCKN, mother's name, father's name, place of birth, date of birth, gender, wallet serial number, copy of identity card, tax number, SGK number, nationality data, marriage certificate). ;data copy/scan, employee card) |
Health Data | It is the data group that contains the health information of the person (Blood group, medical history, check-up result, consultation report, diet form). |
Vehicle Data | The person's vehicle is the data group containing the information (Plate number, chassis number, engine number, license information). |
Location Data | This is the data group containing the location data of the person (GPS location). |
Visual/Audio Data | It is the data group that contains the visual and audio data of the person (Photo, sound recording, camera recording, driver's license photocopy/scan, ID photocopy/scan, passport photocopy/scan). |
Digital Trace Data | It is the data group (Log ) that contains the digital traces formed as a result of processing the personal information. |
Financial Data | This is the data group that contains the financial information of the person (Bank account number, IBAN number, card information, bank name, financial profile, mail order form, credit rating). |
Biometric/Genetic Data | This is the data group that contains the biometric/genetic data of the person (Fingerprint, genetic information, vein print). |
Professional Data | It is the data group that contains the information about the profession of the person (information about the institution where he/she works, registry of the professional chamber). |
Training Data | This is the data group that contains the education data of the individual (Diploma grade, diploma copy/scan). |
Asset Data | This is the data group that contains the assets owned by the person (Deed photocopy/scan, vehicle license photocopy/scan). |
Travel Data | This is the data group that contains the information about the person's travels (flight information, flight card, tour route, mile card number, accommodation data). |
Company Data | Sole company data (Company address). |
Racial / Religious Knowledge | It is the data group that contains the data of the person's origin and belief (Racial/religious knowledge). |
Association membership information | This is the data group that contains the member and association information of the person (All association memberships). |
Signature Data | This is the data group containing the signature information of the person (Wet signature, e-signature, signature copy/scan). |
Visa/Passport Data | This is the data group that contains the visa/passport information of the person (Visa information, passport photocopy/scan). |
Clothing Data | It is the data group that contains the distinctive features of the person's clothing (Clothes purchasing history, distinctive clothes worn.) |
Enforcement Data | This is the data group regarding the sanctions received by the person in the past (Criminal Proceedings, Criminal Record Record, Disciplinary Record.) |
The ORGANIZATION is based on data types used within the scope of data processing activities and within the company;
- IN THE PERSONAL DATA INVENTORY OF THE ORGANIZATION
- INSTITUTION INSTITUTION KVKK DATA STORAGE AND DISPOSAL PROCEDURE
- Determined the retention periods in the Data Term Schedule, with justification.
The ENTERPRISE processes personal data limited to the purposes and conditions within the personal data processing conditions specified in the 2nd paragraph of the 5th article of the KVK Law and the 3rd paragraph of the 6th article.
- Performance of procurement services
- Performance of marketing and information processes
- Execution of Sales/Order/Delivery processes
- Execution of after-sales service and service processes
- Performance of accounting services
- Performance of human resources services
- Performance of communication within the business climate
- Performance of collection services (Mail order and online and offline collection transactions including transfer order)
- To customers; Product-service promotion, information, personalized advertisements, campaigns and other benefits, sending commercial electronic messages within loyalty programs, surveys and tele-sales applications, statistics. Providing various advantages through analysis,
- To perform after-sales services such as service management, to make evaluations for the purpose of following the service services
- Doing studies to improve service quality and providing better service,
- Issuing invoices for our services,
- Procurement of services from external sources,
- Providing the benefits of specialized organizations to customers in order to receive services and technology services on subjects that are not in their area of expertise,
- Confirmation of identity,
- Answering questions and complaints,
- Taking the necessary technical and administrative measures within the scope of data security,
- Related business partners and other third; Providing financial reconciliation regarding products and services offered with individuals,
- Providing necessary information in line with the requests and inspections of regulatory and supervisory institutions and official authorities,
- Preserving the information about the data that should be kept as per the relevant legislation,
- Providing control over the consistency of information,
- Measurement of customer satisfaction,
- Çin terms of employees; Creation of the dictionary file, determination of whether it is capable of constantly fulfilling the requirements of the job, making private health insurance, creating a health file, taking occupational safety precautions
- Using the data received via the website or social media channels for marketing purposes through third party agencies
- Fulfillment of legal obligations
- Supporting the personnel procurement process of the organizations involved in the “business climate”
- Execution/monitoring of the financial reporting and risk management transactions of the INSTITUTION
- Execution/follow-up of the legal affairs of the INSTITUTION
- Creating and tracking visitation records
The ORGANIZATION keeps personal data for the period specified in these legislations, in case of occurrence in the relevant laws and regulations.
If the legislation regarding how long personal data should be stored has not been regulated for a while, Personal Data will be used by the ORGANIZATION while processing the said data. ; Depending on the activity, the ORGANIZATION stores it for a period of time that requires it to be stored in accordance with practices and industry customs. When the storage period expires, it is deleted / destroyed / anonymized in accordance with the relevant Policy created by the INSTITUTION in accordance with the nature of the data.
The purpose of processing personal data has ended; if the storage periods determined by the relevant legislation and the ORGANIZATION have come to an end; Personal data can only be stored to provide evidence in possible legal disputes or to assert the right related to personal data or to establish a defense. Despite the expiry of the statute of limitations and the statute of limitations for asserting the right mentioned in the establishment of the terms herein, the requests made to the ORGANIZATION on the same issues before Storage periods are determined on the basis of In this case, the stored personal data is not accessed for any other purpose and access is provided only when it is necessary to use it in the relevant legal dispute. Here, too, personal data is deleted, destroyed or anonymized after the aforementioned period expires.
- THIRD PARTIES TO WHICH PERSONAL DATA IS TRANSFERRED BY THE ORGANIZATION AND THE PURPOSE OF THE TRANSFER
The INSTITUTION can transfer the personal data of the data subjects governed by this Policy to the following categories of persons and the "business climate" in accordance with Articles 8 and 9 of the KVK Law:
- TO its business partners,
- Bank and insurance companies
- Travel agencies
- Institutions and organizations that provide health services to employees
- Hotels
- Education companies
- To the Establishment Dealers and Authorized Services,
- INSTITUTIONAL sourcing forwards,
- INSTITUTION To the CORPORATION group companies in countries where personal data is legally protected
- FOUNDATION company officials,
- Legally Authorized public institutions and organizations,
The transfer scope and data transfer purposes are stated below.
Data Transfer Possible Persons | Definition | Data Transfer Purpose |
Partner | Identifies the parties such as Dealer, Authorized Dealer with a separate tax number, with which the CORPORATION has established business partnerships in order to carry out its commercial activities (various projects, receiving services, etc.). | It is conveyed in a limited way in order to ensure that the purposes of the establishment of the business partnership are fulfilled. |
Supplying | While carrying out the commercial activities of the INSTITUTION, in accordance with the orders and instructions of the INSTITUTION, on the basis of a contract, the ESTABLISHMENT; or the parties that provide services. | It is conveyed in a limited way in order to ensure the provision of the services that are outsourced by the INSTITUTION and necessary to carry out the commercial activities of the ORGANIZATION. |
Group Companies | City with Data Protection legislation and COUNTRIES FOUNDATION Community companies, | It is limited to ensuring the execution of commercial activities that require the participation of the companies of the CORPORATION Group. |
Authorized Public Institution and Its Organizations | According to the provisions of the legislation Public institutions and organizations authorized to receive information and documents from the INSTITUTION | In cases where public institutions and organizations demand and provide a legal basis, it is conveyed on a limited basis. |
Explicit consent of the personal data owner is only one of the legal bases that makes it possible to process personal data in accordance with the law. Apart from express consent, personal data may also be processed in the presence of one of the conditions specified in the law. The basis of the personal data processing activity may be only one of the conditions stated below, or more than one of these conditions may be the basis of the same personal data processing activity.
Terms of Business | Scope | example |
Rule of Law | Tax Legislation, Labour Legislation, Trade Legislation etc. | Permanent personnel information of the employee must be kept in accordance with the legislation. |
Performance of Contract | Business Contract, Contract of Sale, Contract of Carriage, Work Contract etc. | Saving the address of the company for delivery. |
Actual Impossibility | Those who cannot give consent due to actual impossibility or who have the power to discern; person who is not. | Contact or address information of the unconscious person. Location information of a kidnapped person. |
Legal Liability of the Data Controller | Compliance with Financial Audits, Security Legislation, Sector Oriented Regulations. | Sharing information in special audits in areas such as Banking, Energy, Capital Markets. |
Giving Publicity | The person concerned submits his/her information to the public. | The person's declaration of contact information to be reached in case of emergency. |
The Establishment and Protection of the Right, Using | Litigation, registration procedures, all kinds of; deed transaction etc. Mandatory data to be used in business. | Preserving required information about an employee leaving the job during the litigation timeout . |
Legitimate Interest | Data may be processed if it is necessary for the legitimate interest of the data controller, provided that the fundamental rights of the data owner are not harmed. |
Data processing for the purpose of applying rewards and bonuses that increase employee loyalty.
|
- PERSONAL DATA PROCESSING ACTIVITIES MADE WITHIN THE FACTORY BUILDING ENTRANCES AND INSIDE THE BUILDING
In order to ensure security by the INSTITUTION, personal data processing activities are carried out for monitoring the entrance and exits of the guests with security cameras in the buildings and facilities of the INSTITUTION.
Personal data processing is carried out by the ORGANIZATION by using security cameras and recording guest entries and exits.
The ORGANIZATION, within the scope of monitoring activity with a security camera; It has the purpose of protecting the interests of the company and other persons in order to ensure their safety. This monitoring activity, KVKK and It is carried out in accordance with the Law on Private Security Services and the relevant legislation. In this context, the information that monitoring is done with a camera is announced to all employees and visitors, and people are enlightened. Notifications are posted at the entrances of the monitoring areas. In accordance with Article 12 of the KVK Law, the ORGANIZATION takes necessary technical and administrative measures to ensure the security of personal data obtained as a result of camera monitoring.
by the ORGANIZATION; For the purpose of ensuring security and for other purposes specified in this Policy, personal data processing activities are carried out for the tracking of guest entries and exits in the buildings and facilities of the ORGANIZATION. While obtaining the identity data of the persons who come to the premises of the ORGANIZATION as guests, or through the texts posted before the ORGANIZATION or made available to the guests in other ways, the personal data owners in question are enlightened in this context. The data obtained for the purpose of tracking the guest entry-exit is processed only for this purpose and the relevant personal data is recorded in the data recording system in the physical environment.
For the purpose of ensuring security by the ORGANIZATION and for other purposes specified in this Policy; Internet access can be provided by the INSTITUTION to our visitors during their stay in our buildings and facilities. In this case, log records of your internet access are kept in accordance with the Law No. 5651 and the prevailing provisions of the legislation prepared according to this Law; These records can only be recorded if requested by authorized public institutions and organizations or in the audit process to be carried out within the ORGANIZATION, the relevant legal obligation. It is processed in order to fulfill it.
In Article 138 of the Turkish Penal Code, Article 7 of the KVK Law and on the Deletion, Destruction and Anonymization of Personal Data extracted by the Institution; “clearness” in accordance with; Although it has been processed in accordance with the provisions of the relevant law, personal data is deleted, destroyed or anonymized upon the request of the personal data owner or at the sole discretion of the ORGANIZATION, in the event that the reasons requiring its processing disappear. The ORGANIZATION has created a Policy in this regard in accordance with the provisions of the regulation and in accordance with this Policy, the data is destroyed according to the nature. In accordance with this regulation, periodic destruction dates have been determined by the INSTITUTION, and a calendar has been established according to which periodic destruction will be carried out at various intervals with the commencement of the obligation.
The INSTITUTION informs the personal data owner of the rights of the personal data owner in accordance with Article 10 of the KVK Law and guides the personal data owner on how to use these rights regulated in Article 11, and The INSTITUTION, in order to evaluate the rights of the personal data owners and to provide the necessary information to the personal data owners, in accordance with the 13th article of the KVK Law; carries out the operation, administrative and technical regulations.
Personal data owners have the following rights:
- Learning whether personal data is processed or not,
- Request information about personal data if it has been processed,
- Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
- Third, where personal data is transferred at home or abroad; know people,
- In case of incomplete or incorrect processing of personal data, requesting their correction and the process carried out in this context, the third transfer of personal data; requesting people to be notified,
- Demanding the deletion or destruction of personal data in the event that the reasons requiring processing disappear, although it has been processed in accordance with the KVK Law and other relevant provisions of law, ; requesting people to be notified,
- To object to this result in case a result against the person arises by analyzing the processed data exclusively through automated systems,
- Demanding the removal of the damage in case of loss due to unlawful processing of personal data.
Personal data owners cannot assert their rights listed in 20.1.1 in these matters, since the following cases are excluded from the scope of the KVK Law in accordance with Article 28 of the KVK Law:  ;
- Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics.
- millî defense, millî not to violate or commit a crime against security, public safety, public order, economic security, privacy or personal rights; for purposes of art, history, literature or science, or freedom of expression; processing under.
- millî defense, millî Preventive, protective and intelligence activities carried out by public institutions and organizations that have been given the duty and authority by law to ensure security, public security, public order or economic security. processing under.
- Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.
As per Article 28/2 of the KVK Law; In the cases listed below, personal data owners cannot claim their other rights listed in 20.1.1., except for the right to demand the compensation of the damage:
- The crime of personal data processing; prevention or crime of processing it is necessary for the investigation.
- Processing of personal data made public by the personal data owner.
- Based on the authority given by the law for personal data processing, by the responsible and authorized public institutions and organizations and professional organizations in the nature of public institutions, for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution to be.
- Personal data processing is necessary for the protection of the economic and financial interests of the State with respect to financial, tax and financial matters.
Personal Data Owners can submit their requests regarding their rights specified in this POLICY with the information and documents that will identify them, and the Application Form with the methods specified below or other methods determined by the Personal Data Protection Board. they will be able to fill in and sign it and send it to the ORGANIZATION free of charge: Comprehensive regulation on this subject INSTITUTION Data Owner Application Procedure; It was made inside.
After completing the form at www.liderpetcom.tr, a wet-signed copy can be sent in person or in writing by mail, Salihli Organize Sanayi Bolgesi 302.Cad.No:28 To be forwarded to Salihli/MANİSA
The form available at www.liderpet.com.tr should be filled in and "secure electronic signature" within the scope of Electronic Signature Law No. 5070; After signing with the secure electronic signed form, Iletisim@liderpet.com.tr” A software developed for the purpose of application or by using a secure electronic signature, mobile signature, or an e-mail address previously notified to the ORGANIZATION by the relevant person and registered in the ORGANIZATION's system or for the purpose of application. or applying through the application
Filling the form at www.liderpet.com.tr and making a personal application together with the identity document
Third on behalf of personal data owners; In order for individuals to make an application request, a private power of attorney issued by the data owner on behalf of the person to apply through a notary public must be present.
- THE RELATIONSHIP OF THE INSTITUTIONAL PERSONAL DATA PROTECTION AND PROCESSING POLICY WITH OTHER POLICIES
INSTITUTIONAL principles set forth herein; Policies regarding other data assets within the ORGANIZATION and the protection and processing of personal data; based on sub-procedures for use.
The Establishment to act in accordance with the KVK Law regulations and the enforcement of the Personal Data Protection and Processing Standard; A management structure has been established to ensure that.
In accordance with the decision of the Company's top management to manage this Policy and other Policies connected and related to this Policy, the Personal Data Protection Committee (“ ;Committee”) was established.
The duties of this Committee are stated below;
- To prepare the basic Policies on the protection and processing of personal data and changes when necessary, to put them into effect and to submit them to the Executive Board for approval.
- To decide how the implementation and control of the Policies on the protection and processing of personal data will be carried out, and to submit to the approval of the top management, in this context, assignments and coordination within the company. To forward it to the "Higher Board".
- Identifying the issues that need to be done in order to ensure compliance with the KVK Law and the relevant legislation and submitting them to the approval of the senior management, monitoring their implementation and communicating them to the National Board to ensure coordination.
- To raise awareness within the ORGANIZATION on the protection and processing of personal data and among the institutions with which the ORGANIZATION is in cooperation. To determine the risks that may arise in the personal data processing activities of the INSTITUTION and to ensure that the necessary measures are taken; to convey the improvement suggestions to the Executive Board for the approval of the top management.
- Conveying trainings to the Supreme Board to ensure that personal data owners are informed about personal data processing activities and their legal rights on the protection of personal data and the implementation and dissemination of the Policies.
- To forward the applications of personal data owners to the National Council for final decision.
- Following the developments and regulations on the protection of personal data; in accordance with these developments and regulations, the ESTABLISHMENT To convey to the General Assembly its recommendations on what needs to be done within it.
- To carry out the relations with the KVK Board and Institution under the coordination of the National Council.
- To perform other duties to be assigned by the company's top management and the Board of Directors regarding the protection of personal data.
ANNEX-1 DEFINITIONS
Explicit consent | Consent on a particular subject, based on information and expressed with free will. |
Anonymization | It is the change of personal data in such a way that it loses the quality of personal data and this situation cannot be undone. Ör: Masking, aggregation, data corruption etc. making personal data incapable of being associated with a real person with techniques. |
Application Form | Application Form Regarding the Applications to be Made by the Relevant Person (Personal Data Owner) to the Data Controller in accordance with the Law on Protection of Personal Data No. 6698, which includes the application to be made by the personal data owners to exercise their rights. |
ÇEmployee Candidate | Real persons who have applied for a job to the INSTITUTION by any means or have submitted a resume and have opened their relevant information to the INSTITUTION's review. |
Employees, Shareholders and Officials of the Institutions We Cooperate With | All kinds of INSTITUTIONS; Real persons, including shareholders and officials of these institutions, who work in the institutions with which they have a business relationship (such as but not limited to business partners, suppliers). |
Partner | Parties with which the CORPORATION has established business partnerships for purposes such as carrying out various projects, receiving services, either personally or together with Group Companies, while carrying out its commercial activities. |
Processing of personal data | Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over personal data in whole or in part by automatic or non-automatic means, provided that it is a part of any data recording system, all kinds of things that are performed on the data, such as making it available, classifying or preventing its use; transaction. |
Personal data owner | The real person whose personal data are processed. ÖFor example; Customer, Staff, Dealer &Cedil;Employee |
Personal data | Any kind of identity related to an identified or identifiable real person; information. Therefore, the processing of information regarding legal persons is not within the scope of the Law. ÖFor example; name-surname, TCKN, e-mail, address, date of birth, credit card number etc. |
Öpersonal data of special nature | Race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and data on security measures, as well as biometric and genetic data. |
Procurement | While carrying out the commercial activities of the INSTITUTION Parties that provide services to the ORGANIZATION on a contractual basis in accordance with the orders and instructions of the INSTITUTION. |
Üç" Person | Real persons whose personal data are processed within the scope of the POLICY, who are not defined differently within the scope of the POLICY (Or. Family members, former employees). |
Data processor | The real and legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller. For example, DEALERS, AUTHORIZED RESELLERS, the cloud computing firm that keeps the data of the ORGANIZATION, the Call-Center firm that makes the call, etc. |
Data controller | The person who determines the purposes and means of processing personal data and manages the place (data recording system) where the data is kept systematically. |
Visit | Real persons who have entered the physical premises owned by the INSTITUTION for various purposes or visited our websites. |