Protection of personal data

Protection of personal data

PELSAN TEKSTİL ÜRÜNLERİ SANAYİ VE TİCARET A.Ş.

DATA PROTECTION AND PROCESSING POLICY

1. Purpose and Scope of the Policy

This Pelsan Tekstil Ürünleri Sanayi ve Ticaret A.Ş.(“Company”) Data Protection and Processing Policy (“Policy”) is prepared  to provide information to our employees, candidates for whom we process personal data, employees of the institutions we cooperate with and other persons whose personal data is processed by our company; The Company's personal data processing activities, measures taken within this scope, the rights of data subjects and the methods of using these rights are informed within the scope of the Personal Data Protection Law (“Law”).

1. Definitions

2. Processing of Personal Data

• Principles

Within the scope of all Personal Data Processing activities, our Company acts in accordance with the principles described below in accordance with Article 4 of the Law.

1. Processing in Good Faith and in Accordance with the Law

Our Company shall act in good faith and in accordance with the principles set forth under legal regulations during personal data processing activities

2. Ensuring that Personal Data Are Accurate and Up-to-Date Where Necessary:

Our Company shall ensure that processed personal data are accurate and up-to-date and take necessary measures in this regard

3. Processing for Specific, Explicit and Legitimate Purposes:

Our Company restricts Personal Data Processing activities to specific and legitimate purposes and informs the Data subjects clearly relating to these purposes through information notes.

4. Relevant, Limited and Proportional to the Purposes for Which They Are Processed:

Personal Data is processed by our Company in connection with and limited to the extent necessary for the purpose notified to the Data subjects at the time of the provision of the Personal Data.

5. Keeping for Duration Necessary for The Purposes for Which the Data are Processed or Foreseen Under the Relevant Legislation:

Our Company maintains Personal Data for a certain duration within the scope of the legislation in force. If no such period is specified in the legislation, reasonable retention periods are determined by considering the purpose of data usage and the procedures of our Company and the data is kept limited to this duration.

• Conditions of Processing Personal Data

• If the data subject has explicit consent,
• If it is specifically provided for by law that personal data will be processed;
• If it is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his consent or whose consent is not deemed legally valid;
• If processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract;
• If it is mandatory for our Company to be able to perform its legal obligations;
• If the data concerned is made available to the public by the data subject himself;
• If data processing is mandatory for the establishment, exercise or protection of any right ;
• If it is mandatory for the legitimate interests of the controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject;

Personal data is processed by our Company based on one or more of the above personal data processing conditions set forth in the Law and in accordance with the regulations set forth in the Law.

Special categories of personal datacan only be processed if the personal data owner has explicit consent.Special categories of personal dataconcerning the health and sexual life of the personal data subject may be processed by persons or authorized institutions or organizations under the obligation of keeping secrets for the purpose of protection of public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

3. Personal Data Categories Processed by the Company

Your personal data collected by our Company may vary depending on the nature of the legal relationship you have established with our Company (employee, employee candidate, visitor, etc.)

In accordance with the principles and processing conditions specified in the Law and article 10 of the Law, personal data categories processed by informing the related persons can be listed as follows:

• Identity information (driver's license, birth certificate, residence, passport, case of birth certificate, marriage certificate, etc.)

• Contact information (E-mail address, phone number, mobile number, address etc.)

• Personal Information: any personal data relating to personal rights of our employees or persons in legal relationship with our company

• Benefits Information: your personal data that is processed for the purpose of planning the benefits provided to our employees

• Employee Candidate Information: personal data such as resume, job application form, interview notes, etc. relating to individuals who have applied to be employees of our company

• Family members and Relatives Information: Information such as identification, contact information about family members and relatives of the personal data subject to protect the legal interests of the company and the data subject.

• Special Categories of Personal Data: The data specified in Article 6 of the Law.

• Financial Information: Data, documents and records showing all kinds of financial and accounting results created according to the type of legal relationship established by our Company with data subject

• Physical Premises Security Information: Personal data relating to the records and documents obtained when entering to physical premises and during the stay in such premises; such information which explicitly belongs to an identified or identifiable real person and are a part of the data recording system.

• Security Information of Activity: Personal data processed for the purposes of ensuring administrative, legal and commercial security of both our employees and our Company during the conduct of commercial activates of our Company;

• Legal Procedure Information:Personal data contained in the information requests or decisions taken by the judicial and administrative authorities processed within the scope of our legal obligations.

• Supervision and Inspection Information:Information on any record and transaction regarding our Company's legal obligations and the legal process and rights associated with the data subject.

4. Camera Surveillance Within The Premises of The Company

If you visit our company premises, your visual data shall be collected through closed circuit camera system and shall be kept only for the required period for the below mentioned purposes. With the use of closed-circuit camera system, it is aimed to prevent and monitor anti-social behaviors and criminal behaviors, to establish the safety of our Company's premises and tools and equipment in our Company's premises, to protect the health and safety of visitors and employees who visit our Company's premises. Areas that may result from interference with the privacy of the person exceeding security objectives are not subject to monitoring. Our Company provides information on general issues and places notice signs and warning signs on the entrance of the areas where monitoring is carried out. Thus, it is aimed to protect the rights of the data subjects whose personal data is processed and to ensure transparency in the processing of personal data. All kinds of technical and administrative measures necessary to ensure the security of your data obtained through closed circuit camera system are taken by our Company.

5. Maintaining Of Records Regarding Internet Access Provided To company visitors

Log records of the visitors during their stay in our facilities can be maintained within the scope of the Law numbered 5651 and imperative provisions can be regulated in accordance with the Law in order to provide security and foe the purposes stated in this Policy.

In this regard, limited number of the Company IT employees have the access to the log records obtained within this scope

These records are only processed and shared with third parties if requested by authorized state institutions and organizations or in order to fulfil our legal obligations as regards to the intercorporate inspection processes

6. Purposes For Processing Of Personal Data By Company

Your personal data may be processed by our Company within the scope of the personal data processing conditions specified in Articles 5 and 6 of the Law and for the following purposes:

• Execution of the operational activities in order to conduct company activities pursuant to the law
• Execution of legally required transactions, records, notifications and obligations required by legal regulations and carrying out obligations
• Communicating with related parties within the framework of purchase, sale, delivery or commercial relations
• Planning and execution of human resources processes and needs
• Processes related to the employment of personnel and fulfillment of obligations arising from employment contract and legislation
• Carrying out the application process of the candidate employees
• Monitoring and / or supervision of the work of the employees
• Planning and execution of rights and benefits for employees
• Salary management for employees
• Supporting the training processes of employees
• Planning and execution of emergency management processes
• Ensuring physical premises security
• Ensuring security of movable goods and resources
• Ensuring the security of the company premises, fixtures and resources
• Ensuring the safety of company employees and visitors
• Planning and / or execution of occupational health and / or safety processes
• Creation and follow-up of visitor records
• Planning, auditing and execution of information security and data security processes
• Management of suppliers and business partners and planning and execution of consultancy / service procurement processes
• Giving information to authorized institutions and organizations due to legal obligation
• Carrying out management activities
• Carrying out finance and accounting operations
• Carrying out purchase operations of goods and services
• Carrying out sales and operation processes of goods
• Conduct of contract processes
• Carrying out logistics activities
• Realization of company and partnership law transactions

7. Storage, Deletion, Destruction and Anonymousization of Personal Data

Our Company maintains the personal data that it processes pursuant to the principles within the Law as per the durations envisaged by legislations. If such duration is not determined by legislations for maintaining personal data, the personal data are kept until the termination of the purposes for which personal data are processed. In case duration is not determined by legislations for maintaining personal data, the durations for maintaining data shall be determined as per each purpose for data processing considering our Company applications and commercial practices. In that regard, the durations for maintaining data shall be determined by considering our Company applications and commercial practices. Apart from the purposes for processing, personal data may be maintained for citing them as evidence in possible legal conflicts, asserting the relevant rights with respect to personal data or for forming a defense and for responding the information requests delivered from public authorities. In determining the durations for purposes mentioned herein, the legal periods for setting forth the rights and also the Company practices shall be considered. Our Company shall erase, destroy or anonymise personal data following the expiration of said periods. Additionally, personal data may be erased, destroyed or anonymised upon data subject’s request. Pursuant to article 28 of the Law; anonymised data may be processed for research, planning and statistical reasons. Anonymised data shall not be deemed as “personal data” hence they are outside the scope of the Law.

8. Transfer of Personal Data

Your collected personal data can be shared with our suppliers, service providers, business partners, affiliates, shareholders, auditors, group companies and public authoritiesfor the purposes of managing and concluding of our Company’s human resources policies, carrying out obligations arisen from the contracts and law, ensuring and developing work safety, providing legal and commercial safety of our Company and our business partners; determining and implementing trade and business strategies of our Company, performing of our Company’s operations, determining and implementing of the Company’s policies based on the legal grounds: such as provided for by the laws, conclusion or fulfilment of any contract, performing of legal obligations, establishment, exercise or protection of any right, for legitimate interests.

Our Company takes the necessary measures to ensure that the data-sharing party is processing and transferring in accordance with the rules and regulations in this Policy.

Personal data may be transferred abroad without explicit consent of the data subject or sufficient protection is provided in the foreign country where the data is to be transferred and our Company and the data controller in the related foreign country guarantee a sufficient protection in writing and the Board has authorized such transfer, where sufficient protection is not provided.

9. Security of Personal Data

Our Company takes necessary technical and administrative measures for ensuring the secuirty of personal data within, preventing unlawful access to personal data and unlawful processing of personal data as regards to article 12 of the Law

Our Company ensures that the necessary audits are carried out in order to ensure the implementation of the provisions of the Law in accordance with Article 12 of the Law, ensures the compliance of the data processing activities with the Law, makes authorizations in accordance with the nature of the data accessed within the company, and educates all employees, especially those authorized to access personal data with regard to their duties and responsibilities within the scope of the Law and adds provisions regarding the taking of necessary security measures to protect personal data in the contracts concluded with the persons to whom the personal data are transferred.

10. Rights of data subjects

According to the Article of the Law data subjects are entitled to the following rights:

• Learn whether or not data relating to him/her are being processed; Request further information if his/her personal data have been processed;
• Learn the purpose of the processing of personal data and whether or not data are being
• processed in compliance with such purpose;
• Learn the third-party recipients to whom the data are disclosed within the country or

abroad,

• Request rectification of the processed personal data which is incomplete or inaccurate and request such process to be notified to third persons to whom personal data is transferred.
• Request erasure or destruction of data in the event that the data is no longer necessary in relation to the purpose for which the personal data was collected, despite being processed in line with the Law no. 6698 and other applicable laws and request such process to be notified to third persons to whom personal data is transferred.
• Object to negative consequences about him/her that are concluded as a result of analysis of the processed personal data by solely automatic means,
• Demand compensation for the damages he/she has suffered as a result of an unlawful processing operation.

Paragraph 2 of Article 28 of the Law lists the cases where data subjects are not entitled to have the mentioned rights are as follows:

• If personal data processing is required for the prevention of a crime or crime investigation.
• If personal data processingis carried out on the data which is made public by the data subject himself
• If personal data processingis required for inspection or regulatory duties and disciplinary investigation and prosecution to be carried out by the public institutions and organizations and by professional associations having the status of public institution, assigned and authorized for such actions, in accordance with the power conferred on them by the law,
• If personal data processingis required for protection of State’s economic and financial interests with regard to budgetary, tax-related and financial issues.

11. Exercise of Rights by Data subjects

As Data subjects, you can submit your requests relating to your rights through the Application form shared in the website of the Company http://www.pelsantekstil.com.tr.Applications made by you within this scope shall be concluded as soon as possible, free of charge and within thirty (30) days at the latest. However, in case the Personal Data Protection Board determines a fee tariff, a fee may be charged in accordance with this tariff.

In order for third parties to apply on your behalf, you must have given this third party a special power of attorney issued by a notary public.

Our Company may request information from the Related Person in order to determine whether the applicant is the Data subject or not, and ask questions about the application to the Data subject in order to clarify the issues mentioned in the application.

Download Pelsan Application Form