Demande de Devis 
Demande de Devis

Personal Data Access, Information Security and Usage Policy

  • Home
  • Personal Data Access, Information Security and Usage Policy

1. INTRODUCTION

This Personal Data Protection and Processing Policy (“Policy”) outlines the matters to be considered by Özgün Vergo A.Ş. (“Özgün Vergo,” “Company”) and its other group companies regarding the protection and processing of personal data.

The Policy aims to ensure that the activities carried out by Özgün Vergo, in line with its commitment to protecting personal data since its establishment, comply with the principles outlined in Law No. 6698 on the Protection of Personal Data (“Law”), particularly with the principles of legality, fairness, and transparency.

Özgün Vergo takes all necessary technical and administrative measures to process and protect personal data in accordance with the principles set forth in the Law and this Policy. In this context, training sessions are organized to raise awareness among employees. Necessary notifications and warnings are made to data subjects regarding this matter.

2. CLASSIFICATION OF PERSONAL DATA

2.1. Personal Data
Personal data refers to any information relating to an identified or identifiable individual. The protection of personal data is only related to the data of natural persons. Data that does not contain information about natural persons is excluded from personal data protection. Therefore, this Policy does not apply to other data owned by Özgün Vergo.

2.2. Special Categories of Personal Data
Special categories of personal data are those that, if disclosed, could lead to discrimination or harm to the individual. Such data includes race, ethnicity, political views, philosophical beliefs, religion, sect, or other beliefs, clothing and appearance, membership in associations, foundations, or trade unions, health, sexual life, criminal convictions, security measures, and biometric and genetic data.
The processing and protection of special categories of personal data are of particular importance to Özgün Vergo and its group companies. When processing such data, the existence of lawful grounds is first determined, and the activities are carried out only after ensuring compliance with legal conditions. Special categories of personal data are processed in accordance with the measures foreseen by the Personal Data Protection Board and in cases required by legislation, or in other cases, with the explicit consent of the data subject.

3. PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

Özgün Vergo and its group companies process personal data in compliance with the following principles and closely monitor changes in regulations and other areas.

3.1. Processing in Compliance with Law and Fairness
Özgün Vergo processes personal data in accordance with the law and fairness. In this context, personal data is processed by the Company with limited information, as required by business activities.

3.2. Ensuring Accuracy and Up-to-Date Information
Özgün Vergo takes necessary technical and administrative measures to ensure the accuracy and up-to-date status of personal data during the processing period. Upon the data subject’s request or if discrepancies are identified, corrections are made.

3.3. Processing for Specific, Explicit, and Legitimate Purposes
Özgün Vergo clearly defines the purposes for which personal data is processed and processes it for legitimate purposes related to business activities.

3.4. Relevant, Limited, and Proportional Processing
Özgün Vergo processes personal data to the extent necessary for the realization of the purposes related to data processing.

3.5. Retention of Personal Data for Legal and Commercial Purposes
Özgün Vergo retains personal data in accordance with the time periods required by the relevant legislation or the data processing purpose. If a time period is specified, personal data is deleted, destroyed, or anonymized at the end of this period or when the reasons for processing the data no longer exist.

4. PURPOSES OF PERSONAL DATA PROCESSING

The purposes for processing personal data by Özgün Vergo and its group companies are outlined below as examples:

  • Managing the employee payment process and making mandatory notifications to public institutions,

  • Organizing training sessions for employees,

  • Creating personal files for employees,

  • Managing financial transactions,

  • Conducting marketing activities,

  • Managing logistics operations,

  • Managing contract processes,

  • Ensuring compliance with regulations,

  • Managing financial and accounting processes,

  • Preparing documents for powers of attorney, authorization letters, etc., for employee representation activities,

  • Communicating with banks,

  • Responding to notifications from official authorities in writing,

  • Communicating with legal or natural persons involved in a commercial relationship,

  • Ensuring workplace safety,

  • Fulfilling obligations related to subcontracted workers,

  • Managing the processes related to signed contracts,

  • Fulfilling legal obligations,

  • Monitoring employee work hours,

  • Fulfilling obligations as per Law No. 6331,

  • Keeping records related to potential legal disputes,

  • Keeping internet access logs as per Law No. 5651,

  • Creating visitor records,

  • Conducting strategic planning activities,

  • Ensuring physical security of the premises.

5. TRANSFER OF PERSONAL DATA

Özgün Vergo and the group companies can transfer personal data and special categories of personal data to third parties within the country in a lawful manner, taking necessary security precautions and in line with the purposes of processing. In this context, the personal data transfer conditions outlined in Article 8 of the Law are followed.

5.1. Transfer of Personal Data within the Country
Özgün Vergo acts in accordance with the data processing conditions in data transfer activities within the country as required by Article 8 of the Law. Therefore, personal data is not transferred to third parties without the explicit consent of the data subject. However, in cases where exceptions outlined in the Law apply, personal data may be transferred to third parties within the country without the data subject’s explicit consent.

5.2. Transfer of Personal Data Abroad
Özgün Vergo and its group companies can transfer personal data and special categories of personal data to third parties abroad, taking necessary security measures in line with the purposes of processing. Personal data may be transferred to foreign countries that have been declared to provide adequate protection by the Personal Data Protection Board or to countries where the data controllers in both Turkey and the foreign country provide written guarantees of sufficient protection, with the approval of the Personal Data Protection Board.

5.3. Third Parties to Whom Personal Data May Be Transferred
Özgün Vergo may transfer personal data to the following categories of persons, in compliance with the principles in Article 3 of this Policy, as per Article 8 of the Law:

  • Third-party companies with which cooperation exists,

  • Official authorities,

  • Banks,

  • Lawyers,

  • Workplace doctors,

  • Contracted OSGB companies,

  • Company shareholders,

  • Group companies.

6. EXCEPTIONAL CASES WHERE EXPLICIT CONSENT IS NOT REQUIRED FOR PERSONAL DATA PROCESSING

Even without the explicit consent of the data subject, personal data may be processed under the following conditions, with necessary administrative and technical measures taken by the Company:

  • The personal data processing activity is explicitly foreseen in the laws,

  • Due to physical impossibility, explicit consent cannot be obtained from the data subject and processing is mandatory,

  • The personal data processing activity is directly related to the establishment or performance of a contract,

  • The processing of personal data is necessary for the fulfillment of the Company’s legal obligations,

  • The data subject has made their personal data public,

  • The processing of personal data is necessary for the establishment or protection of a right,

  • The processing of personal data is necessary for the legitimate interests of the Company.

7. OBLIGATIONS REGARDING THE PROTECTION AND PROCESSING OF PERSONAL DATA

7.1. Obligation to Register with the Data Controllers’ Registry (VERBIS)
Özgün Vergo and its group companies are obligated to register with the Data Controllers’ Registry, as required by the Law and the Regulation on the Data Controllers’ Registry, when the specified criteria are met. In this regard, the following information will be shared with the public:

  • The identity and address of the data controller and the data controller’s representative,

  • The purposes for processing personal data,

  • Data categories,

  • The recipient or recipient categories to whom personal data will be transferred,

  • Personal data to be transferred abroad,

  • Technical and administrative measures for personal data security,

  • The maximum retention period for personal data.

7.2. Obligation to Inform the Data Subject
Özgün Vergo will provide the following information to data subjects during the acquisition of personal data, as required by Article 10 of the Law:

  • The identity of the data controller,

  • The purposes for processing personal data,

  • To whom and for what purposes personal data may be transferred,

  • The method and legal grounds for collecting personal data,

  • The rights of the data subject.

7.3. Obligation to Comply with Data Subject’s Requests
Data subjects have the right to request information about their personal data, either in writing or by using other methods determined by the Personal Data Protection Board, as specified in Article 11 of the Law. In this context, data subjects may:

  • Learn whether their personal data is processed,

  • Request information if their personal data has been processed,

  • Learn the purpose of processing their personal data and whether it is being used appropriately,

  • Learn which third parties, domestic or international, their personal data has been transferred to,

  • Request correction if their personal data is incomplete or incorrect and request that this correction be communicated to third parties,

  • Object if their personal data is analyzed in a way that leads to negative consequences for them,

  • Request compensation if they suffer damage due to unlawful processing of their personal data.

7.4. Obligation to Ensure the Security of Personal Data
Özgün Vergo and its group companies take necessary technical and administrative measures in accordance with Article 12 of the Law to prevent the unlawful processing of personal data, prevent unauthorized access to personal data, and ensure the lawful retention of personal data.

8. APPLICATION

Data subjects can submit their requests related to the rights outlined above in writing to Zone d’Activités Qued Tielat, Section No: 02, Property Lot No: 173, Qued Tielat Municipality, Oran Wilaya / Algeria. Requests will be addressed within 30 days at the latest.

9. RIGHT TO COMPLAIN TO THE PERSONAL DATA PROTECTION BOARD

In case of a refusal or unsatisfactory response to their application, or if no response is given within the prescribed time, data subjects should be informed of their right to complain to the Personal Data Protection Board within 30 days.

10. COMPLIANCE WITH THE POLICY

  • Systems for deleting, destroying, and anonymizing personal data are regularly updated.

  • Necessary security systems for data protection have been established and their currency is ensured.

  • Data subjects are informed during the acquisition of personal data, and necessary information is provided upon request.

  • The protection and processing policies are created in accordance with the Law and relevant regulations.

11. PUBLICATION AND EFFECTIVENESS OF THE POLICY

The Policy, prepared by Özgün Vergo, will be published on the company’s website (www.ozgunvergo.com) and made available to relevant persons upon request. The Policy will be periodically reviewed and updated, taking into account developments in the legislation.

Cart (0 items)