“LAW ON THE PROTECTION OF PERSONAL DATA”
Declaration
Definitions
Personal Data: All the information relating to an identified or identifiable natural person,
Law on the Protection of Personal Data (“KVKK”): the Law on Personal Data Protection Nr.6698 enacted on 7th April 2016 after published on the Official Gazette,
Data Processor: The natural or legal person who processes personal data on behalf of the controller upon his authorization
Data Controller: The natural or legal person who determines the purpose and means of processing personal data and is responsible for establishing and managing the data registry system.
Data Subject: The natural person, whose personal data is processed.
NORM HOLDING A.Ş. (“Company”) has the principles of protecting the fundamental rights and freedoms, protecting the privacy of private life, ensuring and protecting the information security, and respect for the ethical values. For this reason, in order to fulfill our responsibility of clarification arising from the Article 10 of the Law on Personal Data Protection (KVKK), below is the declaration;
Data Controller
For your personal data, the “Data Controller” is “NORM HOLDING A.Ş.” registered with registration number “198267” in İzmir Trade Registry and having MERSIS number of 0631078677800001. The address of registered office is “10007 SOKAK NO:1/3 A.O.S.B. ÇİĞLİ/İZMİR”.
Parties the Data Are Collected From
Within the scope of the Law on the Protection of Personal Data, the parties that are listed below and we are in business relationship with are as follows;
Data Collected and Processed by Our Company
Within the scope of Articles 5 and 6 of the Law on Personal Data Protection, our Company collects and processes the data specified below;
Our Company’s Objectives for Data Collection
Within the scope of Articles 5 and 6 of the Law on Personal Data Protection, our Company collects and processes personal data within the scope of and limited to the following objectives;
Transfer of Data Collected and Processed within the Scope of Our Company’s Objectives
Your data collected by our Company within the scope of personal data processing objectives and conditions specified in Articles 8 and 9 of the Law on Personal Data Protection may be shared with our associates, shareholders (only anonymously), and legally authorized institutions and persons and other persons within the limit of objectives specified above.
Method and Legal Reason of Data Collection by Our Company
In accordance with the principle of proportionality and limited to the legally specified and legitimate purposes specified above, the personal data are verbally, written, and/or electronically collected, used, recorded, stored, and processed by our Company by clearly and understandably informing the personal data owners in written or orally through written, oral, and/or electronic notifications and by obtaining their explicit consent (if necessary).
We undertake that your personal data will never be processed, transferred to 3rd parties within or outside our country, and never be stored for the purposes other than those specified in this declaration.
Retention Period for the Data Collected by Our Company
Your personal data are stored for a period specified in relevant regulations or, if not specified in the relevant regulations, as long as needed for the processes of our Company and the practice in business life or required by the data processing objectives specified above. At the end that period, your personal data will be erased, destructed or anonymized according to the Article 7 of the Law on Personal Data Protection.
Security of Your Data Collected and Processed by Our Company
In order to protect your personal data from any damage, loss and/or unauthorized access while processed and stored, the technical and administrative measures specified by Information Security Management System (ISO 27001 Standard and Code of Good Conduct 27018, 27701) encouraged by our administration, the requirements specified for Personal Data Protection Management System (Bureau Veritas – Technical Standard of Data Protection), and necessities specified in Personal Data Security Guideline of the Personal Data Protection Board are continuously followed and enhanced within the principle of continuous improvement.
The Rights of Person, Whose Personal Data Have Been Collected and Processed
According to the Article 11 of the Law on Personal Data Protection, each person has the right to apply to the Data Controller and
ı) to request compensation for the damage arising from the unlawful processing of his personal data.
Methods for Application within the Scope of Data Subject’s Rights
According to the Paragraph 1 of Article 13 of Law on Protection of Personal Data, your request to exercise your rights upon the “Notification on the Principles and Procedures of Application to the Data Controller” published on 10th March 2018 with Nr.30356 shall be made using the methods and information specified below.
Necessary information for application;
Application Methods;
*Address of “NORM HOLDING A.Ş”:
10007 SOKAK NO:1/3 A.O.S.B. ÇİĞLİ/İZMİR
Registered electronic mail address: normholding@hs02.kep.tr
+90 232 325 00 08
info@nrmmuhendislik.com.tr
NRM Mühendislik Makina A.Ş.
10010 Sok. No 21/1 AOSB Mahallesi
Çiğli / İzmir / TÜRKİYE