Personal Data Protection Authority
1. PURPOSE
The right to request the protection of personal data is guaranteed by the Constitution. As Koza Mesken İmar ve İnşaat Anonim Şirketi (“Koza Mesken”), we consider fulfilling the requirements of this right to be one of our most important duties. For this reason, we attach great importance to the lawful processing and protection of your personal data.
The Corporate Personal Data Protection Policy has been prepared as a result of the importance we attach to the protection of personal data, with the aim of determining the principles we adhere to and the procedures we implement when processing and protecting personal data.
2. SCOPE
All personal data managed by Koza Mesken covers any and all operations performed on data, such as obtaining, recording, storing, preserving, modifying, reorganising, disclosing, transferring, acquiring, making available, classifying, or preventing the use of such data.
The Policy applies to all personal data processed by our company’s partners, authorised representatives, customers, employees, supplier representatives and employees, and third parties.
3. DEFINITIONS
| Abbreviation | Definition |
| Recipient Group | The category of natural or legal persons to whom the data controller transfers personal data. |
| Explicit Consent | Consent that is specific to a particular matter, based on information and freely given. |
| Anonymisation | The processing of personal data in such a way that it cannot be associated with any identifiable or identifiable natural person, even when combined with other data. |
| Relevant Person |
The natural person whose personal data is processed. |
|
Relevant User |
The person responsible for the technical storage, protection and backup of data |
| Destruction | The deletion, destruction or anonymisation of personal data. |
| Law/KVKK | Law No. 6698 on the Protection of Personal Data. |
|
Recording Medium |
Any environment containing personal data that is processed automatically, either wholly or partly, or by non-automated means as part of a data recording system. |
| Personal Data | Any information relating to an identified or identifiable natural person. |
|
Data Inventory |
Data controllers’ personal data processing activities carried out in accordance with their business processes; an inventory detailing the purposes and legal basis for processing personal data, the data category, the recipient group to whom the data is transferred, and the group of data subjects to whom the data relates, along with the maximum retention period necessary for the purposes for which the personal data is processed, personal data intended for transfer to foreign countries, and the measures taken regarding data security. |
|
Processing of Personal Data |
Any operation performed on personal data, such as the collection, recording, storage, retention, alteration, reorganisation, disclosure, transfer, acquisition, making available, classification, or restriction of use of such data, whether fully or partially automated or carried out by non-automated means as part of a data recording system. |
|
Board |
Personal Data Protection Board. |
|
Institution |
Personal Data Protection Authority |
|
Special Category Personal Data |
Data concerning individuals’ race, ethnic origin, political opinion, philosophical belief, religion, denomination or other beliefs, attire and clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data. |
|
Periodic Disposal |
Where all the conditions for processing personal data set out in the Law cease to exist, the deletion, destruction or anonymisation process to be carried out automatically at recurring intervals as specified in the personal data storage and destruction policy. |
|
Policy |
Personal Data Protection Policy |
|
Data Processor |
A natural or legal person processing personal data on behalf of the data controller based on the authority granted by the data controller. |
|
Data Controller |
The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system. |
4. GENERAL PRINCIPLES
As Koza Mesken, when processing your personal data, we:
Comply with the law and rules of good faith,
Ensure that personal data is accurate and, where necessary, kept up to date,
We ensure that the purpose of processing is specific, clear and legitimate,
We verify that the processed data is relevant to the purpose of processing, processed only to the extent necessary and proportionate,
We retain data only for as long as required by relevant legislation or necessary for the purpose of processing, and we destroy it when the purpose of processing ceases to exist, taking administrative and technical measures to this end.
5. RIGHTS OF THE DATA SUBJECT REGARDING PERSONAL DATA
For requests regarding your personal data, you can contact us by filling out the Personal Data Request Form at www.kozamesken.com. In this context, you can apply to our company and make requests regarding the following matters.
- To learn whether your personal data has been processed,
- To request information about the processing of your personal data,
- To learn the purpose of the processing of your personal data and whether it is being used for its intended purpose,
- To learn the third parties to whom your personal data has been transferred within or outside the country,
- Requesting the correction of your personal data if it has been processed incompletely or incorrectly, and requesting that this action be communicated to third parties to whom your personal data has been transferred,
- To request the deletion, destruction or anonymisation of their personal data if the reasons for processing it no longer exist, even if it has been processed in accordance with the provisions of the KVKK and other relevant laws, and to request that the third parties to whom their personal data has been transferred be notified of this action,
- To object to the emergence of a result against them through the analysis of their processed data exclusively by means of automated systems,
- To request compensation for damages incurred due to the unlawful processing of their personal data.