Our organization collects and processes personal data in compliance with the laws of Turkey and European Union Member countries, primarily with the aim of protecting individuals' fundamental rights and freedoms, including the privacy of personal life.
All our personal data processing activities are within the scope of our policy. This includes the processing of personal and sensitive personal data of customers, employees, suppliers, and business partners, as well as any data that the organization collects and processes from any source.
Our organization takes the necessary technical and administrative measures to prevent personal data from being processed illegally, prevent unauthorized access to data, and to ensure the preservation of data, ensuring an appropriate level of security in this regard and conducting or having necessary audits conducted.
In terms of processing personal data, our organization operates in compliance with law and rules of honesty, ensuring accuracy and up-to-date information; pursuing specific, clear, and legitimate purposes; and processing personal data in a connected, limited, and measured manner.
Our organization retains personal data for the period stipulated by laws or as required by the purpose of processing personal data.
Our organization enlightens personal data owners and provides necessary information when data owners request information.
In the case of processing special quality personal data, our organization acts in accordance with the regulations foreseen, refraining from performing actions and activities without explicit consent, except in cases explicitly foreseen by laws.
Our organization acts in accordance with the regulations foreseen by law in the matter of transferring personal data.
Our organization continues its activities aimed at the protection of personal data with traceable, measurable, and assessable goals.
Our organization creates awareness about the protection of personal data among its internal and external stakeholders and communicates relevant obligations.
Our organization conducts training to enhance technical and behavioral competencies with the aim of increasing awareness towards the protection of personal data.
Our organization manages personal data breaches and evaluates the issue according to disciplinary procedures, immediately informing the board officials about crimes and violations that require punishment.
Our organization continuously monitors the confidentiality, integrity, up-to-date nature of personal data, and access authorizations to personal data with process-based asset inventory and process-based risk assessment.
Our organization commits to carrying out practices towards the Personal Data Protection Management System, managing the system systematically, ensuring the continuous improvement of the system, and allocating the resources that the system needs.