Kişisel Verilerin Korunması Politikası

ESAN ECZACIBAŞI ENDÜSTRIYEL HAMMADDELER SANAYI VE TICARET A.Ş.
Policy of Protection and Processing of Personal Data

This ESAN Eczacıbaşı Endüstriyel Hammaddeler Sanayi ve Ticaret A.Ş. Policy of Protection and Processing of Personal Data ("Policy") contains the declarations and statements of the Company regarding processing of Personal Data of employee candidates and customers and real persons out of Company employees by ESAN Eczacıbaşı Endüstriyel Hammaddeler Sanayi ve Ticaret A.Ş. ("Company") under the scope of Law on Protection of Personal Data numbered 6698 ("KVK Law").
Our Company reserves the right to make changes to the Policy in order to provide up-to-date information on our practices and legal regulations on the protection of Personal Data. In case of substantial changes to the policy, Data Owners shall be informed through various channels.
The issues regarding Processing of Personal Data of the employees whose Personal Data is processed by our Company are regulated within scope of ESAN Eczacıbaşı Endüstriyel Hammaddeler Sanayi ve Ticaret A.Ş. Policy on Protection and Processing of Personal Data of Employees. 
Definitions related to the concepts used within the scope of this Policy are given in ANNEX-1 by taking into consideration the legislation on protection of personal data.

1) Principles regarding Data Privacy

Our Company acts in accordance with the general principles described below within the scope of all Personal Data Processing activities. 

Acting in accordance with the law and the rules of honesty: Our Company acts in accordance with the applicable legislation and obeys the rules of honesty in all kinds of Personal Data Processing processes.

Accuracy and timeliness: Our Company provides Data Holders with the opportunity to update their Personal Data and takes the necessary measures to ensure that the data is transferred to the databases correctly. 

Processing for specific, clear and legitimate purposes: Our Company restricts Personal Data Processing activities to specific and legitimate purposes and explicitly informs Data Owners through the disclosure texts regarding such purposes. 

Being linked, limited and measured for the purpose for which they are processed: Personal Data is processed by our Company for the purpose that is notified to the Data Owner at the time of the provision, as much as necessary and related and limited. 

Retention for the period prescribed in the relevant legislation or as required for the relevant purpose: Our Company maintains Personal Data during this period if a certain period is determined within the scope of the legislation in force. If no such period is specified in the legislation, reasonable retention periods are determined by considering the purpose of data usage and the procedures of our Company and the data is kept limited to this period. Following the expiry of the aforementioned periods, the data is deleted, destroyed or made anonymous in accordance with the procedures of our Company.  

2) Your Personal Data Collected

Your Personal Data collected by our Company varies according to the nature of the relationship with our Company and the legal obligations. 

Your collected Personal Data can be listed as follows:

  • Identity Information (T.R. ID number, name and surname, passport number, in case identity card is shared, information written on it, photos, etc. which may vary to the extent required)
  • Contact Information (E-mail address, phone number, mobile number, address, etc.)
  • Location Data (Location information obtained when using our associated services, especially in mobile applications, or using our company's tools, etc.)
  • Customer Information (Customer number associated with the person, customer income information, customer occupation information, vehicle license plate, vehicle information, education information, etc.)
  • Family Members and Acquaintance Information (especially with respect to employee candidates, identity information, contact information and professional, educational information, etc. of the Data Owner's children, spouses)
  • Customer Transaction Information (Call detail record, call center records, credit card statement, box office receipts, customer instructions, records recorded in the related channels etc. depending on the instructions and request associated with the person)
  • Physical Space Security Information (entry-exit records, visit information, camera records, etc.)
  • Transaction Security Information (website password and password information, etc.)
  • Risk Management Information (KKB query results and records, address record system records, IP address tracking records, etc. associated with the personal Data Owner.) 
  • Financial Information (Credit card debt, loan amount, loan payments, interest amount and rate to be paid, debt balance, receivable balance, etc. in parallel with the information coming from the authorities if there is a legal follow-up)
  • Employee Candidate Information (CV, interview notes, personality test results, etc.)
  • Legal Procedures and Compliance Information (data in documents such as court and administrative authority decisions, etc.)
  • Auditing and Inspection Information (Information about all kinds of records and transactions related to our legal follow-up and rights related to Data Owner etc.)
  • Specific Personal Data (information on membership of associations, foundations or trade unions, data on health, data on criminal convictions and security measures)
  • Marketing Information (reports and evaluations related to the habits, likes of the person who is associated with the Data Owner and used for marketing purposes, targeting information, cookie records, data enrichment activities, surveys conducted with the person, satisfaction surveys, campaigns and information obtained from direct marketing studies, etc.)
  • Demand/Complaint Management Information (information and records collected about requests and complaints made to our Company related to our products and services related to the person and information regarding reports where the results are evaluated by the relevant business units, etc.)
  • Reputation Management Information (information related to the person and collected for the purpose of protecting the commercial reputation of our company, etc.)
  • Audio Visual Data (photographs, camera recordings, audio recordings, etc.)

The Personal Data types listed do not include all your processed data, and Personal Data similar to the data listed by our Company may be processed.

3) Our Objective regarding Personal Data Processing 

Your Personal Data obtained may be processed within the scope of the Personal Data Processing conditions specified by Articles 5 and 6 of the KVK Law by our Company;

  • •    Within the scope of the establishment, coordination, development, execution, planning and execution of business development activities specific to the Company;

o    Notification of legally required transactions/records, performance of obligations, communication with official institutions, informing authorized institutions 
o    Establishment, execution of contracts and execution, management, planning and execution of relations with customers and post-contract services
o    Monitoring, planning and execution of activities for outsourcing services/consultancy etc.
o    Planning, monitoring and execution of financial and accounting activities
o    Execution of strategic planning activities
o    Realization, planning and execution of activities/improvements and analyzes for accessing systems
o    Planning and execution of information technologies and data security activities
o    Planning and execution of activities for the development, monitoring, control of commercial works, operations,
o    Reporting on activities related to control, data management, analysis, social activities, process development and similar activities
o    Planning and execution of crisis and emergency management activities
o    Planning and execution of the works for the physical/electronic security of the company

  • Customization of products and services for individuals, designing and execution of profiling, promotion and marketing activities

o    Planning and execution of actions aimed at increasing the level of perception about the corporation, corporate activities and brand
o    Planning and execution of advertising, sales and marketing operations for customers
o    Planning, management and execution of organizations, meetings, invitations and events
o    Appreciation, loyalty, profiling, satisfaction studies and analysis related to products and services
o    Planning and executing special campaigns, promotions for customers/participants
o    Planning and execution of activities aimed at developing products and services and/or customizing them according to customer by analyzing usage habits and trends of customers/participants
o    Planning and execution of market research activities related to products and services

  • Within the scope of editing and/or execution of demand and complaint management and after-sales processes;

o    Planning and execution of demand and complaint management activities for receiving, evaluating and finalizing demands and complaints
o    Performing operations, research, analysis and reporting activities aimed at entering into contractual relations with customers or renewing contracts
o    Realization and follow-up of transactions and activities for fulfilling the obligations arising from after-sales services and contractual relationship 

  • Within the scope of planning, execution and management of corporate relations;

o    Management, development, planning and execution of relations with supplier/dealer/business partner
o    Planning and execution of production and/or operational processes
o    Establishment, development and execution of corporate governance and communication activities
o    Planning and/or execution of business continuity activities
o    Planning and execution of activities such as external training/scholarship/support
o    Execution of strategic planning activities

  • Within the scope of ensuring the legal, technical and commercial-business security of the Company and the related persons in the business relationship with the Company and carrying out activities for the fulfillment of legal obligations;

o    Planning and execution of organizational structuring, follow-up and studies for conducting company activities in accordance with company policies, directives, articles of association and related legislation
o    Informing the authorized institutions and organizations due to the legal obligation and/or performing the activities and obligations related to the audit
o    Ensuring the security of the physical and/or electronic environment of the company and its campus and the parties with which the company is associated
o    Keeping records of people participating in organizations and events
o    Keeping records of the parties to which the Company has business relations and planning and executing the listing activities
o    Performing activities to ensure that data is kept accurate and up-to-date
o    Planning and/or execution of occupational health and/or safety processes
o    Planning and execution of operations and works in accordance with the law for all visitors entering and leaving the company
o    Organizing, planning, executing and auditing the works for the commercial security of the Company and/or the persons with whom the Company has business relations

4) Storing Personal Data

While determining the storage periods of personal data, our company determines considering the legislation in force and the purpose of processing the data subject to the process. In this context, the statutory limitation periods regarding the personal data processing activities must be taken into consideration. In the event that the purpose of Personal Data Processing disappears, the data is deleted, destroyed or anonymized unless there is any other legal reason or basis for keeping Personal Data. 

5) Transferring Personal Data

Your Personal Data may be shared with our suppliers or our suppliers and business partners with whom we cooperate at home or abroad for the above purposes, including benefiting you from the products and services, and the parties providing products or services to or on behalf of our Company. Your Personal Data may also be shared with public authorities and private individuals that are legally authorized under their authority. In cases where your Personal Data is shared, our Company takes the necessary measures to ensure that the data sharing party is processing and transferring in accordance with the rules and provisions of this Policy. 
Your Personal Data may also be subject to transfer in the event that our Company is partially or completely transfer through the sale of shares or if it is subject to merger, division or type change. In the event that your Personal Data is transferred within this scope, necessary steps shall be taken to ensure that the data transferring party complies with the processing and transfer rules in this Policy.

Transfer of your personal data abroad may only be made; 

  • In your express Consent, or
  • In cases where one or more of the other data processing conditions specified in the KVK Law are met;

o    Adequate protection in the country in which the data is transmitted, or
o    In case of insufficient protection in the country where the data is transferred, our Company undertakes adequate protection in writing with the Data Officer in the relevant foreign country and obtaining the permission of the Personal Data Protection Board

6) Data Security

In order to ensure the security of your Personal Data, our Company takes reasonable technical and administrative measures to prevent unauthorized access risks, accidental data loss, deliberate deletion or damage.
Within this scope, our Company;

Records access to Personal Data,

  • Provides data security by using software and hardware including virus protection systems and firewalls,
  • Follows up personal data processing activities on a business unit basis,
  • Ensures that necessary audits are carried out in order to ensure the implementation of the provisions of the KVK Law in accordance with Article 12 of the KVK Law,
  • Ensures that the internal policies and procedures and data processing activities comply with the KVK Law,
  • Makes authorizations appropriate to the nature of the data accessed within the company, 
  • Restricts access to Special Personal Data to more stringent measures, 
  • Makes additional security checks on persons with access to Personal Data, 
  • In case of external access to Personal Data due to outsourcing, our Company takes commitments to ensure compliance with the KVK Law by the external service provider,
  • It takes the necessary actions to inform all employees, especially those authorized to access Personal Data, about their duties and responsibilities under the KVK Law. 

7) Rights of Data Owners 

According to Article 11 of the KVK Law, Data Owners have the following rights against the Data Officer: 

  • To find out if Personal Data has been processed or to request information about it.
  • To learn the purpose of processing the personal data and whether or not the personal data has been used in accordance with the declared purpose, 
  • To know about the third parties at home and abroad, to which the personal data has been transferred, 
  • To request for the correction of the personal data, if such data were processed incompletely or incorrectly,
  • To request the deletion or destruction of Personal Data in accordance with the conditions stipulated in the relevant legislation, to request that the transactions carried out be notified to the third parties to whom the Personal Data has been transferred.
  • To object to any consequence that may arise against himself/herself through the analysis of the processed data exclusively by means of automated systems, 
  • To request for compensation of any damages incurred by himself/herself due to unlawful processing of personal data, Paragraph 2 of Article 28 of the KVK Law lists the cases where data holders are not entitled to claim and
  • Personal data processing is necessary for crime prevention or crime investigation,
  • Processing of personal data publicized by the person concerned,
  • Personal data processing is required by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions for the conduct of audit or regulation duties and for disciplinary investigation or prosecution based on the authority granted by law,
  • Personal data processing is necessary for the protection of the economic and financial interests of the State in relation to budget, tax and financial matters,

The above rights shall not be exercised except for the right to claim damages for data.

8) Exercise of Rights by Data Owners 

Applications can be made in one of the following ways, so that we can confirm that you are the applicant: 

  • The application transferred to ESAN Eczacıbaşı Endüstriyel Hammaddeler Sanayi ve Ticaret A.Ş. by delivering personnally with signature, via notary public, or registered letters,
  • The application signed with a secure electronic signature issued under the Electronic Signature Law No. 5070 and sent to ESAN Eczacıbaşı Endüstriyel Hammaddeler Sanayi ve Ticaret A.Ş.’s esaneczacibasi@hs01.kep.tr address,
  • Following another method prescribed by the Personal Data Protection Board. 

Our Company responds to data owners who wish to exercise such rights within the limits stipulated in the KVK Law within a maximum of 30 as stipulated in the KVK Law. In order for third parties to apply on your behalf, you must have given this third party a special power of attorney issued by a notary public.
Although your applications are processed free of charge as a rule, if the Personal Data Protection Board determines fees for these applications, you may be charged at this rate. 

Our Company may request information from the Data Owner in order to determine whether the applicant is the Data Owner or not, and ask questions about the application to the Data Owner in order to clarify the issues mentioned in the application.

9) CCTV (Closed Circuit Camera System) Usage

If you visit our company places, your visual and audio data shall be obtained through closed circuit camera system and shall be kept only for the purposes stated below. With the use of closed circuit camera system, it is aimed to prevent and monitor anti-social behaviors and criminal behaviors, to establish the safety of our Company's settlements and tools and equipment in our Company's settlements, to protect the health and safety of visitors and employees who visit our Company's settlements. All technical and administrative measures necessary to ensure the security of your data obtained through closed circuit camera system shall be taken by our Company.