Clarification Text

Personal Data Protection Information Text

Data Controller

Data controller information: Name: ENG Zemin İnşaat Sanayi A.Ş. (ENG Zemin) (Internet address: https://www.engzemin.com/ ); Phone: 0312 466 55 51 Address: Çayyolu Mahallesi 2661/1 Sokak No: 4/4 Ümitköy – Çankaya ANKARA | TURKEY E-Mail: info@engzemin.com The personal data of persons related to ENG Zemin, including our customers and employees, within the framework of the Constitution and international agreements to which Turkey is a party and the relevant legislation, primarily the Personal Data Protection Law No. 6698 (KVKK); we attach importance to the protection of your personal data and we inform you on this issue.

Purposes of Processing Your Personal Data

Your personal data; To be able to carry out the necessary studies for you to benefit from our services and activities, To process the services and activities offered by ENG Zemin in order to provide you with better service within the scope of user satisfaction and to create pre-registration, To inform you about our new services and activities, to provide you with the most suitable product and service in this direction, To be able to carry out ENG Zemin human resources policies, To be able to respond to all your questions and complaints regarding our services and activities, To be able to measure customer satisfaction, To be able to develop, improve and disseminate our services and activities, To ensure that you can share quickly and without obstacles by ensuring that the site infrastructure is associated with the site, It is necessary to process personal data belonging to the parties to the contract due to being directly related to the performance of the contract, It may be processed for its purposes.

Scope

Your personal data is kept on our ENG Zemin domestic server, and our server panel is kept domestically in the necessary panel service as required.

Transfer of Your Personal Data

Personal data cannot be transferred without the explicit consent of the relevant person, except for the exceptions specified in the KVKK. ENG Zemin does not transfer your personal data to 3rd parties in any way, except for legal obligations. ENG Zemin carries out procedures in accordance with the Constitution of the Republic of Turkey and the Personal Data Protection Law No. 6698, especially Articles 8 and 9, in its personal data transfer policy.

Method of Collection and Legal Reason of Your Personal Data

Your personal data is seen electronically in the “offer text” and/or “communication” menu within the scope of “e-mail correspondence” for the purpose and scope specified above, and this situation is applied within the scope of obligation for the contract and customer communication.

Definitions and Abbreviations

In this section, special terms and phrases, concepts, abbreviations, etc. words used in the Policy are briefly explained. Explicit consent: Consent given on a specific subject, based on information and free will, with a clarity that leaves no room for hesitation, and limited only to that transaction. Anonymization: Making personal data in such a way that it cannot be associated with an identified or identifiable natural person in any way, even by matching it with other data. Employee: ENG Ground staff Personal Data Owner (relevant person): The natural person whose personal data is processed Personal Data: Any information related to an identified or identifiable natural person. Special Personal Data: Data related to individuals’ race, ethnic origin, political opinion, philosophical belief, religious sect or other beliefs, dress code, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data. Processing of Personal Data: Any operation performed on personal data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing its use, in whole or in part, by automatic means or non-automatic means provided that it is part of any data recording system. Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller. Data Controller: A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. KVKK Board: Personal Data Protection Board KVKK Institution: Personal Data Protection Institution KVKK: Personal Data Protection Law published in the Official Gazette dated April 7, 2016 and numbered 29677 Policy: ENG Zemin Personal Data Protection and Processing Policy

Your Rights Regarding the Protection of Your Personal Data

Regarding your personal data;

Learning whether your personal data is processed,
Requesting information about your personal data if it is processed,
Learning the purpose of processing your personal data and whether it is used in accordance with its purpose,
Knowing the third parties to whom your personal data is transferred domestically or abroad,
If your personal data is incomplete or incorrect

You have the right to request correction of these if they have been processed,
To object to the emergence of a result against you by analyzing your processed data exclusively through automated systems,
To request compensation for the damages if you suffer damages due to the unlawful processing of your personal data.

You can submit your request regarding the exercise of these rights to us in writing or in accordance with the method determined by the Personal Data Protection Board if a separate method is determined. You can make your request by calling “0312 466 55 51”, addressing “Çayyolu Mahallesi 2661/1 Sokak No: 4/4 Ümitköy – Çankaya ANKARA | TURKEY” or by e-mailing info@engzemin.com. Roles and Responsibilities

Management:

The Board of Directors is responsible for the determination and operation of notification, investigation and sanction mechanisms in case of non-compliance with the Policy, rules and regulations.

Implementers:

The Personal Data Protection and Processing Policy is the authorized approval mechanism for the creation, implementation and, if necessary, updating of the Policy by the Implementers. Implementers are responsible for the activities they are responsible for,

Taking the necessary measures for the compliance of the companies from which external services are received with the Policy,

Acting and being in compliance with the Legislation in the Processing of Personal Data,
ENG ZeminPrivacy Owner is responsible for examining and reporting the issues in order to examine the issues that are contrary to the Policy.

Legal:

The preparation, development, implementation and updating of this Policy are carried out by the Legal Officer.

Legal Obligations

Legal obligations within the scope of the protection and processing of personal data as the data controller in accordance with the KVKK are listed below:

Our obligation to inform

While collecting personal data as the data controller;

For what purpose your personal data will be processed,
Our identity, information regarding the identity of our representative, if any,
To whom and for what purpose your processed personal data can be transferred,
Our method of collecting data and its legal basis,
Rights arising from the law, we have the obligation to inform the Relevant Person about these issues.

As ENG Zemin, we take care to ensure that this policy, which is open to the public, is clear, understandable and easily accessible.

Our obligation to ensure data security:

As the data controller, we take the administrative and technical measures prescribed in the legislation to ensure the security of personal data in our organization. Obligations and measures taken regarding data security are detailed in this Policy.

CLASSIFICATION OF PERSONAL DATA

Personal data:

Personal data is any information related to an identified or identifiable natural person. The protection of personal data is only related to natural persons, and information belonging to legal entities that do not contain information about a natural person is excluded from personal data protection. Therefore, this Policy does not apply to data belonging to legal entities.

Special personal data:

Individuals’ race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data are special personal data. PROCESSED PERSONAL DATA At ENG Zemin, “e-mail”, “name-surname”, “telephone”, “company name” information for “communication” and “offer text” purposes are processed within the scope of e-mail.

PROCESSING OF PERSONAL DATA

Our Personal Data Processing Principles

We process personal data in accordance with the principles set out below. Processing in accordance with the law and the rules of integrity: We process personal data in accordance with the rules of integrity, in a transparent manner and within the framework of our obligation to inform. Ensuring that personal data is accurate and up-to-date when necessary: ​​In order to ensure that the processed data is accurate and up-to-date, we take the necessary measures in our data processing procedures, and we offer the Personal Data Owner the opportunity to apply to us to update their data and correct any errors in the processed data, if any. Processing for specific, clear and legitimate purposes: As ENG Zemin, we process personal data within the scope and content of which are clearly defined, within the scope of our legitimate purposes determined to continue our activities within the framework of legislation and the ordinary course of business life. Personal data being connected, limited and proportionate to the purpose for which they are processed: We process personal data in a way that is clearly and precisely connected, limited and proportionate to the purpose we have determined. We avoid processing personal data that is not relevant or does not need to be processed. Therefore, unless there is a legal requirement, we do not process special personal data or obtain explicit consent when we need to process it. Storage of personal data for the duration prescribed by legal regulations and for our legitimate commercial interests Many regulations in the legislation require personal data to be stored for a certain period of time.

e requires storage. Therefore, we store the personal data we process for the period stipulated in the relevant legislation or required for the purposes of processing personal data. In case the storage period stipulated in the legislation expires or the purpose of processing disappears, we delete, destroy or anonymize personal data. Our principles and procedures regarding storage periods are detailed in the article of this policy.

Purposes of Processing Personal Data

ENG Zemin processes personal data for purposes similar to the ones listed below, but not limited to those listed:

Performing our activities,
Providing support services to customers within the scope of the contract and within the framework of service standards,
Determining the preferences and needs of our customers and shaping and updating the services we provide within this scope,
Ensuring that our legal obligations are fulfilled as required or made mandatory by legal regulations,
Evaluating job applications,
Providing contact with persons who have a business relationship with ENG Zemin,
Advertisement,
Legal reporting,
Invoicing.

Processing of Sensitive Personal Data

Sensitive personal data; It is not processed within the scope of this business. Processing of personal data for human resources and employment purposes: We process, store and transfer your personal data in other documents such as resumes, diplomas, etc. that you share with us during your applications as a Personnel Candidate for the purpose of evaluating job applications. The processing, transfer and storage of personal data that you share as a Personnel Candidate are within the scope of this Policy. Exceptional cases where explicit consent is not required for processing personal data We may process personal data without obtaining explicit consent in the exceptional cases listed below and arising from the law:

It is clearly provided for in the laws;
Provided that it is directly related to the establishment or execution of a contract, the processing of personal data belonging to the parties to the contract is necessary;
Data processing is mandatory for the establishment, exercise or protection of a right;
Provided that it does not harm fundamental rights and freedoms, it is mandatory for us to process your data for our legitimate interests as the data controller.

SECURITY AND STORAGE OF PERSONAL DATA

Storing of personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed:

We store personal data for the period required for the purpose of processing personal data, without prejudice to the storage periods stipulated in the legislation. In cases where we process personal data for more than one purpose, if the purposes of processing the data are eliminated or if there is no obstacle in the legislation to the deletion of the data upon the request of the Relevant Person, the data is deleted, destroyed or stored by being anonymized. Legislative provisions and KVKK decisions are applied in terms of destruction, deletion or anonymization.

Measures we take regarding the storage of personal data:

Technical measures

We create technical infrastructures and related control mechanisms for the deletion, destruction and anonymization of personal data,
We take necessary measures for the safe storage of personal data,
We employ employees with technical expertise,
We create business continuity and emergency plans against possible risks and develop systems for their implementation,
We establish security systems in accordance with technological developments regarding the storage areas of personal data.

Administrative measures

We inform our employees about the technical and administrative risks related to the storage of personal data and raise awareness,
In case of cooperation with third parties for the storage of personal data, we include provisions regarding the necessary security measures to be taken for the protection and safe storage of the transferred personal data and the persons to whom the personal data is transferred, in the contracts made with ENG Zemin.

Our obligations regarding the security of personal data:

Personal data;

To prevent unlawful processing,
To prevent unlawful access,
To ensure that it is stored in accordance with the law,

we take administrative and technical measures according to technological possibilities and implementation costs.

In cases where cooperation is made with third parties for the processing of personal data, the contracts made with ENG Zemin, which processes personal data, include provisions regarding the persons processing personal data to take the necessary security measures,
In case of unlawful disclosure of personal data or data leakage, we notify the KVK Board of the situation and carry out the examinations and take the measures stipulated by the legislation in this regard.

RIGHTS OF THE PERSONAL DATA OWNER (RELATED PERSON)

Within the scope of our obligation to inform, we inform the Personal Data Owner and establish systems and infrastructures regarding this information. In order for the Personal Data Owner to exercise his/her rights regarding his/her personal data,

n We are making the necessary technical and administrative arrangements. Personal Data Owner has the right to;

Learn whether personal data is processed,
Request information about personal data if it is processed,
Learn the purpose of processing personal data and whether it is used in accordance with its purpose,
Know the third parties to whom personal data is transferred domestically or abroad,
Request correction of personal data if it is processed incompletely or incorrectly,
Request deletion or destruction of personal data if the reasons requiring processing of personal data are eliminated,
Request notification of the above-mentioned correction, deletion or destruction processes to third parties to whom personal data is transferred,
Object to the emergence of an adverse result by exclusively analyzing the processed data through automated systems,
Request compensation for damages in case of damages due to unlawful processing of personal data.

Exercise of rights regarding personal data:

In the application that the Personal Data Owner will make to exercise the above-mentioned rights and include explanations regarding the right he/she requests to exercise; the requested subject must be clear and understandable, the requested subject must be related to the applicant or if acting on behalf of someone else, the applicant must be specifically authorized in this regard and this authority must be documented, the application must also include identity and address information and documents proving his/her identity must be attached to the application. Such requests must be made individually and requests made by unauthorized third parties regarding personal data will not be evaluated. If the Relevant Person has not reached the age of 18, the above-mentioned rights may be exercised by the Relevant Person’s parent or legal representative on behalf of the Relevant Person. In this case, the identity information of the parent or legal representative must be attached to the application along with documents proving the Relevant Person’s identity.

EVALUATION OF THE APPLICATION

Time period for responding to the application:

Requests regarding personal data are finalized free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, a fee determined by the Personal Data Protection Board may be charged. Additional information and documents may be requested during the application or while the application is being evaluated.

Our right to reject the application:

Applications regarding personal data, including but not limited to the following;

Processing of personal data for purposes such as research, planning and statistics by making it anonymous with official statistics,
Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate the privacy of private life or personal rights or constitutes a crime,
Processing of personal data made public by the Personal Data Owner,
The application is not based on a justified reason,
The application contains a request contrary to the relevant legislation,
The application procedure is not complied with, etc. In such cases, the reason for rejection is explained and rejected.

If the request is accepted, the relevant procedure is implemented and a notification is made in writing or electronically. In case the request is rejected, the reason is explained and the applicant is notified in writing or electronically.

Right to complain to the Personal Data Protection Board:

In cases where the application is rejected, the response we provide to the application is found insufficient or the response is not given in due time; the applicant has the right to complain to the Personal Data Protection Board within 30 (thirty) days from the date of learning the response and in any case within 60 (sixty) days from the date of application.

PUBLICATION AND STORAGE OF THE DOCUMENT

This Policy is stored in two different media: printed paper and electronic media. The current version of the documents is available on the institution portal and website.

RENEWAL

This Policy is reviewed at least once a year and updated if necessary.

ENFORCEMENT

This policy enters into force as soon as it is published on the website https://www.engzemin.com/. APPLICABLE LAW If you access or use this website, the applicable law for resolving any issues that may arise regarding the content of the website and your access and use is Turkish Law, and Ankara Courts are authorized.

REPEAL

This policy is deemed to be repealed as soon as it is deleted from the https://www.engzemin.com/ website.