Personal Data Sharing and Communication Permission

ESAN ECZACIBAŞI ENDÜSTRIYEL HAMMADDELER SANAYI VE TICARET A.Ş.
Policy of Protection and Processing of Personal Data

This ESAN Eczacıbaşı Endüstriyel Hammaddeler Sanayi ve Ticaret A.Ş. Policy of Protection and Processing of Personal Data ("Policy") contains the declarations and statements of the Company regarding processing of Personal Data of employee candidates and customers and real persons out of Company employees by ESAN Eczacıbaşı Endüstriyel Hammaddeler Sanayi ve Ticaret A.Ş. ("Company") under the scope of Law on Protection of Personal Data numbered 6698 ("KVK Law").
Our Company reserves the right to make changes to the Policy in order to provide up-to-date information on our practices and legal regulations on the protection of Personal Data. In case of substantial changes to the policy, Data Owners shall be informed through various channels.
The issues regarding Processing of Personal Data of the employees whose Personal Data is processed by our Company are regulated within scope of ESAN Eczacıbaşı Endüstriyel Hammaddeler Sanayi ve Ticaret A.Ş. Policy on Protection and Processing of Personal Data of Employees. 
Definitions related to the concepts used within the scope of this Policy are given in ANNEX-1 by taking into consideration the legislation on protection of personal data.

1) Principles regarding Data Privacy

Our Company acts in accordance with the general principles described below within the scope of all Personal Data Processing activities. 

Acting in accordance with the law and the rules of honesty: Our Company acts in accordance with the applicable legislation and obeys the rules of honesty in all kinds of Personal Data Processing processes.

Accuracy and timeliness: Our Company provides Data Holders with the opportunity to update their Personal Data and takes the necessary measures to ensure that the data is transferred to the databases correctly. 

Processing for specific, clear and legitimate purposes: Our Company restricts Personal Data Processing activities to specific and legitimate purposes and explicitly informs Data Owners through the disclosure texts regarding such purposes. 

Being linked, limited and measured for the purpose for which they are processed: Personal Data is processed by our Company for the purpose that is notified to the Data Owner at the time of the provision, as much as necessary and related and limited. 

Retention for the period prescribed in the relevant legislation or as required for the relevant purpose: Our Company maintains Personal Data during this period if a certain period is determined within the scope of the legislation in force. If no such period is specified in the legislation, reasonable retention periods are determined by considering the purpose of data usage and the procedures of our Company and the data is kept limited to this period. Following the expiry of the aforementioned periods, the data is deleted, destroyed or made anonymous in accordance with the procedures of our Company.  

2) Your Personal Data Collected

Your Personal Data collected by our Company varies according to the nature of the relationship with our Company and the legal obligations. 

Your collected Personal Data can be listed as follows:

The Personal Data types listed do not include all your processed data, and Personal Data similar to the data listed by our Company may be processed.

3) Our Objective regarding Personal Data Processing 

Your Personal Data obtained may be processed within the scope of the Personal Data Processing conditions specified by Articles 5 and 6 of the KVK Law by our Company;

o    Notification of legally required transactions/records, performance of obligations, communication with official institutions, informing authorized institutions 
o    Establishment, execution of contracts and execution, management, planning and execution of relations with customers and post-contract services
o    Monitoring, planning and execution of activities for outsourcing services/consultancy etc.
o    Planning, monitoring and execution of financial and accounting activities
o    Execution of strategic planning activities
o    Realization, planning and execution of activities/improvements and analyzes for accessing systems
o    Planning and execution of information technologies and data security activities
o    Planning and execution of activities for the development, monitoring, control of commercial works, operations,
o    Reporting on activities related to control, data management, analysis, social activities, process development and similar activities
o    Planning and execution of crisis and emergency management activities
o    Planning and execution of the works for the physical/electronic security of the company

o    Planning and execution of actions aimed at increasing the level of perception about the corporation, corporate activities and brand
o    Planning and execution of advertising, sales and marketing operations for customers
o    Planning, management and execution of organizations, meetings, invitations and events
o    Appreciation, loyalty, profiling, satisfaction studies and analysis related to products and services
o    Planning and executing special campaigns, promotions for customers/participants
o    Planning and execution of activities aimed at developing products and services and/or customizing them according to customer by analyzing usage habits and trends of customers/participants
o    Planning and execution of market research activities related to products and services

o    Planning and execution of demand and complaint management activities for receiving, evaluating and finalizing demands and complaints
o    Performing operations, research, analysis and reporting activities aimed at entering into contractual relations with customers or renewing contracts
o    Realization and follow-up of transactions and activities for fulfilling the obligations arising from after-sales services and contractual relationship 

o    Management, development, planning and execution of relations with supplier/dealer/business partner
o    Planning and execution of production and/or operational processes
o    Establishment, development and execution of corporate governance and communication activities
o    Planning and/or execution of business continuity activities
o    Planning and execution of activities such as external training/scholarship/support
o    Execution of strategic planning activities

o    Planning and execution of organizational structuring, follow-up and studies for conducting company activities in accordance with company policies, directives, articles of association and related legislation
o    Informing the authorized institutions and organizations due to the legal obligation and/or performing the activities and obligations related to the audit
o    Ensuring the security of the physical and/or electronic environment of the company and its campus and the parties with which the company is associated
o    Keeping records of people participating in organizations and events
o    Keeping records of the parties to which the Company has business relations and planning and executing the listing activities
o    Performing activities to ensure that data is kept accurate and up-to-date
o    Planning and/or execution of occupational health and/or safety processes
o    Planning and execution of operations and works in accordance with the law for all visitors entering and leaving the company
o    Organizing, planning, executing and auditing the works for the commercial security of the Company and/or the persons with whom the Company has business relations

4) Storing Personal Data

While determining the storage periods of personal data, our company determines considering the legislation in force and the purpose of processing the data subject to the process. In this context, the statutory limitation periods regarding the personal data processing activities must be taken into consideration. In the event that the purpose of Personal Data Processing disappears, the data is deleted, destroyed or anonymized unless there is any other legal reason or basis for keeping Personal Data. 

5) Transferring Personal Data

Your Personal Data may be shared with our suppliers or our suppliers and business partners with whom we cooperate at home or abroad for the above purposes, including benefiting you from the products and services, and the parties providing products or services to or on behalf of our Company. Your Personal Data may also be shared with public authorities and private individuals that are legally authorized under their authority. In cases where your Personal Data is shared, our Company takes the necessary measures to ensure that the data sharing party is processing and transferring in accordance with the rules and provisions of this Policy. 
Your Personal Data may also be subject to transfer in the event that our Company is partially or completely transfer through the sale of shares or if it is subject to merger, division or type change. In the event that your Personal Data is transferred within this scope, necessary steps shall be taken to ensure that the data transferring party complies with the processing and transfer rules in this Policy.

Transfer of your personal data abroad may only be made; 

o    Adequate protection in the country in which the data is transmitted, or
o    In case of insufficient protection in the country where the data is transferred, our Company undertakes adequate protection in writing with the Data Officer in the relevant foreign country and obtaining the permission of the Personal Data Protection Board

6) Data Security

In order to ensure the security of your Personal Data, our Company takes reasonable technical and administrative measures to prevent unauthorized access risks, accidental data loss, deliberate deletion or damage.
Within this scope, our Company;

Records access to Personal Data,

7) Rights of Data Owners 

According to Article 11 of the KVK Law, Data Owners have the following rights against the Data Officer: 

The above rights shall not be exercised except for the right to claim damages for data.

8) Exercise of Rights by Data Owners 

Applications can be made in one of the following ways, so that we can confirm that you are the applicant: 

Our Company responds to data owners who wish to exercise such rights within the limits stipulated in the KVK Law within a maximum of 30 as stipulated in the KVK Law. In order for third parties to apply on your behalf, you must have given this third party a special power of attorney issued by a notary public.
Although your applications are processed free of charge as a rule, if the Personal Data Protection Board determines fees for these applications, you may be charged at this rate. 

Our Company may request information from the Data Owner in order to determine whether the applicant is the Data Owner or not, and ask questions about the application to the Data Owner in order to clarify the issues mentioned in the application.

9) CCTV (Closed Circuit Camera System) Usage

If you visit our company places, your visual and audio data shall be obtained through closed circuit camera system and shall be kept only for the purposes stated below. With the use of closed circuit camera system, it is aimed to prevent and monitor anti-social behaviors and criminal behaviors, to establish the safety of our Company's settlements and tools and equipment in our Company's settlements, to protect the health and safety of visitors and employees who visit our Company's settlements. All technical and administrative measures necessary to ensure the security of your data obtained through closed circuit camera system shall be taken by our Company.