Policy on Protection, Processing of Personal Data and Confidentiality

1) Objective

As EAE ELEKTRİK ASANSÖR ENDÜSTRİSİ İNŞAAT SAN. VE TİC. A.Ş. (hereinafter shall be referred to as "EAE ELECTRIC"), our top priority is to ensure that the personal data of the real entities including our customers, suppliers and employees is processed in accordance with the Constitution of the Republic of Turkey and the international conventions on the human rights to which our country is a party and the relevant legislation, particularly the Law on Protection of Personal Data No. 6698 ("LPPD") and effective exercise of the rights of the related persons with the personal data processed.

Therefore, we have been performing the processes related to the processing, retention, transfer of the personal data of the real entities including but not limited to our employees, suppliers, customers, users visiting our website acquired through automated or non-automated means provided to be a part of any data recording system during our operations and processes in accordance with EAE ELECTRIC Policy on Protection and Processing of the Personal Data (hereinafter shall be referred to as "Policy").

Protection of personal data and observance of the fundamental rights and freedoms of real persons with the personal data collected are the basic principles of our policy with respect to the processing of personal data. Therefore, we have been sustaining and maintaining our entire activities and operations in which the personal data is processed by observing the right to protect the right of privacy, confidentiality of communication, freedom of thought and belief, and to practice effective legal remedies. We take the entire administrative and technical protection measures and precautions required by the relevant data nature in accordance with the legislation and the applicable technology for the protection of the personal data.

This Policy describes the methods applied by us for the processing, retention, transfer and deletion of the personal data disclosed during our commercial or social responsibility and similar activities and operation within the framework of the principles set forth in the LPPD.

2) Scope

The entire personal data of our customer, business contacts, employees, suppliers, potential customers and various third parties processed by the Corporation is within the scope of this Policy.

Our Policy is applied in the entire activities and operations for processing of the personal data, owned or managed by the Corporation and addressed and drawn up by observing LPDD and other legislation and regulations related to the personal data and the international standards applicable in this field.

3) Definitions And Abbreviations

The special terms and phrases, concepts, abbreviations, etc. used in this Policy shall have the following meanings.

Corporation:EAE ELECTRIC
Explicit Consent: Refers to approval granted only limited to the particular process or transaction related to a certain matter, based on information and freewill with the explicitness beyond any doubt.
Employee: Corporate personnel.
Personal Data Subject (Related Person): Refers to the real entity with the personal data processed.
Personal Data: All sorts of information relating to an identified or identifiable real entity.
Personal Data of Special Nature: Refers to the data on a person''s race, ethnic origin, political and philosophical opinions, religion, religious sect and other beliefs, apparel, membership information to associations, foundations or syndicates, sexual life, conviction, security measures, biometric and genetic information
Processing of Personal Data: Refers to all sorts of processes and transactions performed on the data such as acquiring, recording, storing, maintaining, altering, rearranging, disclosing, rendering to a retrievable state, classifying or prevention of using personal data entirely or partially through entirely or partially automated or non-automated ways provided to be a part of any data registry system.
Data Processor: Refers to the real or legal entity processing personal data on behalf of the data supervisor based on the authorization granted by the data supervisor.
Data Controller: Refers to the real or legal entity determining the objectives and instruments of personal data processing and responsible for the installation and management of data recording system,
Personal Data Protection Board: Refers to the Personal Data Protection Board.
Personal Data Protection Institution: Refers to the Personal Data Protection Institution.
LPPD: Law on Protection of Personal Data promulgated on the Official Gazette dated April 7, 2016 and No. 29677.
Policy: EAE ELECTRIC Policy on Protection, Processing of Personal Data and Confidentiality.

4) Roles and Responsibilities

Committee for Personal Data Protection

The Committee for Personal Data Protection, established within EAE ELECTRIC and comprising of representatives of Human Resources, Accounting, Data Processing, Quality, Sales Departments and Senior Management are responsible for drawing up this policy and keeping it updated. In case of determination of any action and behavior inconsistent and contrary to the provisions of this Policy, the Committee for Personal Data Protection assessed the situation in accordance with the Procedure for Management of Personal Data Breach Incident.

5) Legal Obligations

The legal obligations accordance with LPPD within the scope of protection and processing of personal data acting with the capacity of the data controller are as follows:

5.1 Our Clarification Obligation
  • Purpose of processing of your personal data,
  • Information on our identity and our representative, if any,
  • To whom and for which purposes your processed personal data may be transferred,
  • Our data collection method and legal grounds for the collection of data,
  • Rights arising from the law,

5.2 Our Obligation to Ensure Data Security

We are taking the entire administrative and technical measures and precautions stipulated in the regulation to ensure the security of the personal data processed as acting with the capacity of the data controller. The obligations related to the data security as well as the precautions and measures taken are detailed in Sections 9 and 10 of this Policy.

6) Classification of Personal Data

6.1 Personal Data

The Personal Data refers to all sorts of information relating to an identified or identifiable real entity.

Protection of personal data only aims for the real entities and the data of the legal entities and the information not including any data of a real entity shall be excluded from the scope of protection of personal data. Therefore, this Policy shall not be applied to the data of the legal entities


6.2 Personal Data of Special Nature

The personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and the biometric and genetic data are deemed to be personal data of special nature.

7) Processing of Personal Data

7.1 Our principals on processing of personal data

We are processing the personal data in accordance with the principals stated hereinbelow.


7.1.1 Processing complying with law and in good faith

We are processing the personal data in accordance with the good faith in a transparent manner within the framework of our obligation of providing clarification.


7.1.2 Ensuring the accuracy and actuality of personal data If required

We take the required precautions and measures in our data processing procedures to ensure the accuracy and actuality of the data processed. We provide the opportunity to the Personal Data Subject to apply to us to update the data thereof and if any, correct the errors and omissions in the data processed.


7.1.3 Processing for certain, explicit and legal purposes

We, as the corporation, process the personal data within our legitimate purposes defined in order to sustain our operations and activities with the scope and content explicitly identified within the framework of the legislation and within the ordinary course of commercial life.


7.1.4 Personal data being associated, limited and restrained with the purpose of processing

We process the personal data being associated, limited and restrained with the purpose of processing determined explicitly and precisely.
We refrain from processing of personal data that is not relevant or not required to be processed. Therefore, as long as there is no legal requirement, we do not process the personal data of special nature or should a requirement arises, we obtain explicit consent on the matter.


7.1.5 Retention of personal data throughout the periods stipulated by the legal regulations and our legitimate commercial benefits.

Numerous regulations in the legislation entail retention of the personal data. Therefore, we store the personal data for the period stipulated in the relevant legislation or required for the purposes of processing personal data.
In case of expiration of the retention periods stipulated in the relevant regulation or the purpose of processing personal data no longer exist, we are delete or destroy the personal data. Our principles and procedures for the retention periods are detailed in Article 9.1. of this Policy.


7.2. Explicit consent to be obtained within the scope of processing of data of the Related Person

We obtain the explicit consent of the Related Person, excluding the circumstances stipulated in the Legal in where explicit consent is not required.


7.3 Our purposes on processing of personal data

We, as the Corporation, perform processing of the personal for the purposes including but not limited with the following:

  • Execution of our operations and activities,
  • Determination of human resources policy, planning and execution of processes,
  • Providing support services to the customers within the scope of the Agreement and the service standards,
  • Shaping and updating the services to be offered to our customers upon determining the preferences and requirements of our customers,
  • Ensuring the fulfillment of our legal liabilities and obligations as required or imposed by the legal regulations,
  • Ability to perform market researches and statistical studies,
  • Surveys, contests, campaigns, promotions and sponsorships,
  • Evaluating the job applications,
  • Establishing contact with the entities with business relations with the corporation,
  • Monitoring of marketing processes,
  • Compliance management,
  • Vendor/supplier management,
  • Planning, execution of advertising and promotional activities,
  • Legal reporting,
  • Invoicing,
  • Planning of commercial and business strategies,
  • Management of business partners/supplier relationships.

7.4 Processing of personal data of special nature

Personal data of special nature is processed by us in case of explicit consent or in circumstances imposed by the legislation by taking the administrative and technical precautions and measures stipulated in the laws and set forth by the PDP Board.
In case of personal data of special nature related to medical condition and sexual life of the, the said data can and public shared to parties to or authorized institutions and organizations under the obligation of non-disclosure merely for the purpose of protection of public health, preventive medicine, medical diagnosis, execution of treatment and healthcare services, planning and management of healthcare services and financing. Such type of data of our employees can be processed by the persons stipulated in the laws.


7.5 Processing of personal data collected by the cookies embedded on our website

We apply cookies for the purpose of improving the functioning and usage of our website and we perform endeavours to provide you a better user experience and improve the time you spend on our website to become more efficient and enjoyable. In addition to this, we make use of certain cookies to remember your preferences on our website and thus, offering you an improved and customized navigation experience on our website.


7.6 Processing of personal data for human resources and employment purposes

During process of the applications you shall file as an Employee Candidate, we process, store and transfer your personal data in documents such as your CV, diploma etc. you disclosed to us for job application evaluation process. Processing, transferring and storing the personal data you disclosed as an Employee Candidate are within the scope of this Policy and the Policy on the Protection of Personal Data for Employee Candidates.


7.7 Exceptional circumstances in where explicit consent for personal data processing in not sought

We are entitled to process the personal data without obtaining the explicit consent in exceptional circumstances stated herein below and arising from law:

  • Being Explicitly Set Forth in Laws
  • Provided to be directly associated with the conclusion or the execution of an agreement, requirement for the processing of the personal data of the contractual parties;
  • Obligatory Data Processing for Establishment, Exercise or Protection of a Right;
  • In case of an obligation for processing your data for the legitimate interests of the corporation as the data controller, provided not to harm the fundamental rights and freedom;
  • As a data controller, being obligatory for fulfilling any of our legal obligations;
  • Being obligatory for the protection of a life or bodily integrity of an individual unable to grant his explicit consent due to physical incapabilities or with consent unable to be recognized on a legal basis or any others;
  • Personal Data Made Public by Related Person.

The exceptional circumstances in where the personal date of special nature can be processed without the explicit consent of the Related Person are specified in Article 7.4. of this Policy.


8) Transferring Personal Data

8.1 Domestic transferring of personal data

As a corporation, with regards to transferring of personal data, we are acting in accordance with the LPPD and the resolution rendered by PDP Board.

Save for the exceptional circumstances stipulated by the legislation, the personal data of special nature cannot be transferred to other real or legal entities without the explicit consent of the Related Person or the guardian or legal representative thereof in case the Related Person is a minor.

In exceptional circumstances stipulated by LPPD and various legislations, data can be transferred to administrative or judicial organizations or institutions granted with the required authorization subject to the manner and limits set forth in the legislation without the explicit consent of the Related Person or the guardian or legal representative thereof in case the Related Person is a minor.

Moreover, in exceptional circumstances stipulated by the legislation;

  • In circumstances described in article 7.7. of the Policy,
  • In circumstances stated in article 7.4. of the Policy regarding the personal data of special nature,

Upon taking the precautions and measures set forth by the PDP Board and the relevant legislation, in case of personal data of special nature related to medical condition and sexual life of the employee, the said data can only be shared to parties to or authorized institutions and their explicit consent under the obligation of non-disclosure merely for the purpose of protection of public health, preventive medicine, medical diagnosis, execution of treatment and healthcare services, planning and management of healthcare services and financing.


8.2 Overseas transferring of personal data

The personal data cannot be transferred overseas without the explicit consent of the Related Person or the guardian or legal representative thereof in case the Related Person is a minor. However, in case of any of the exceptional circumstances stated in articles 7.4. and 7.7. of this Policy, only in case the overseas third parties are;

  • Located in the countries in where sufficient protective measures stated by PDP Board are in place;/li>
  • located in the countries in where sufficient protective measures are not in place, written affirmative covenant related to a sufficient degree of protection issued by the data controllers residing at the said foreign country and the authorization of PDP Board in place;

The personal data can be transferred overseas without the explicit consent.

When the storage of the data in the cloud system is technically necessary, the data can be transferred abroad by obtaining explicit consent and in accordance with the regulations determined by the laws.


8.3 Organizations and institutions to whom the personal is transferred

The personal data can be transferred to, including but not limited to;

  • Our Suppliers,,
  • Our business associates and business contacts,
  • Affiliates and group companies of our corporation,
  • Legally authorized public authorities and organizations,
  • Legally authorized private law entities,
  • Entities from whom services are received or third parties or advisors, organizations or authorities with whom we are collaborating,
  • Our Shareholders,

within the terms and purposes stipulated in Articles 8. and 9. of the Law in accordance with the principles and rules stated herein above.


8.4 Measures taken by us related to legitimate transferring of personal data

8.4.1 Technical measures

For the purpose of protection of the personal data, we are taking the required technical measures, including but not limited to;

  • Performing the in-house technical organization for the processing and retention of the personal data in accordance with the legislation,
  • Establishing the technical infrastructure to ensure the security of the databases where your personal data shall be stored,
  • Monitoring and controlling the processes of the technical infrastructure established,
  • Determining the procedures for reporting the technical measures and audit processes we have taken,
  • Periodically updating and renewing the technical measures,
  • Reviewing and examining the risky situations are re-examined and producing the required technological solutions,
  • Utilizing virus protection systems, firewalls and similar software or hardware security products, and establishing security systems in accordance with technological advancements.

8.4.2 Administrative measures

For the purpose of protection of the personal data, we are taking the required technical measures, including but not limited to;

  • Establishing policies and procedures for access to personal data, including employees of the corporation and affiliates within our company,
  • Informing and training our employees regarding the protection and processing of personal data in accordance with the law,
  • Recording the measures to be taken in case of illegal processing of the personal data by our employees in the employment agreements and/or Policies,
  • Auditing the personal data processing activities of the data processors we work with or the partners of the data processors.

9) Retention of Personal Data

9.1 Retention of the personal data for the period set forth in the relevant legislation or required period for the purpose of processing.

Save for the retention periods for the personal data stipulated in the legislation, we store the personal data for the period required by the purpose of processing of personal data.

In circumstances where we process the personal date for various purposes, in case the purposes of processing of personal data no longer exist or upon the request of the guardian or legal representative of the Related Person in case the Related Person is a minor, the data shall be deleted or destroyed in case of no hindrance in the legislation to do so. The provisions of the relevant legislation and resolutions of PDP Board shall apply for the provisions of destruction or deletion of the personal data.


9.2 Measures taken by us for the retention of the personal data

9.2.1 Technical Measures
  • Establishing technical infrastructures and relevant control mechanisms for the deletion and destruction of personal data,
  • Taking the required precautions and measures for the secure retention of personal data,
  • Employing employees with technical expertise,
  • Creating business continuity and emergency plans against the risks that may occur, and developing systems for their implementation,
  • As well as establishing security systems in accordance with technological developments regarding storage areas of personal data.

9.2.2 Administrative Measures
  • We are raising awareness by informing our employees on the technical and administrative risks related to retention of personal data,
  • Incorporating provisions in the agreements concluded with the corporations to whom the personal data is transferred in case of collaboration with the third parties for the retention of personal data for taking the required security measures by the parties to whom the personal data is transferred for the purpose of protection and secure retention of the personal data.
  • 10) Security of Personal Data

    10.1 Our obligations regarding the security of personal data

    We are taking administrative and technical measures to the extent allowed by the technological facilities and implementation costs to prevent unlawful and unauthorized access to personal data and lawful retention of personal data.


    10.2 Measures taken by us for prevention of unlawful processing of personal data
    • We perform the required audits within our corporation and having them performed,
    • Train and inform our employees regarding the lawful processing of personal data,
    • The activities and operations performed by our corporation are assessed in detail for the entire business units,
    • As a result of this evaluation, we process personal data to the extent specific to the commercial operations and activities performed by the relevant units, including provisions in the agreements concluded with the corporations processing personal data in cases of cooperation with the persons who process personal data to take necessary security measures, in case of unlawful disclosure of personal data or data leakage,

    10.2.1 Technical and administrative measures taken by Us for prevention of unlawful processing of personal data

    For the purpose of prevention of unlawful the processing of personal data;

    • We employ personnel with technical specialization in their respective fields,
    • Periodically updating and renewing technical measures,
    • Establishing access authorization procedures within our corporation,
    • Determining the procedures for reporting the technical measures and audit processes we have taken,
    • Establishing the data recording systems employed in our corporation in accordance with the legislation and periodically auditing them,
    • Developing and implementing emergency service plans against the risks that may occur and developing systems for the implementation thereof,
    • Training and informs our employees regarding access to personal data and authorization,
    • In cases where cooperation is made with third parties for activities such as processing and storing personal data,
    • In contracts with companies that provide access to personal data; including provisions in the agreements concluded with the corporations processing personal data in cases of cooperation with the persons who process personal data to take necessary security measures, and establishing security systems within the technological advancements in order to prevent unlawful access to personal data.
    10.2.2 Measures taken by us In case of unlawful disclosure of personal data

    We are taking administrative and technical measures from the prevent unlawful disclosure of personal data and to duly update the relevant procedures appropriately. In the event that we identify unauthorized disclosure of the personal data, we have been establishing infrastructures and system to notify this situation to the Related Person or the guardian or the legal representative thereof in case the Related Person is minor and to PDP Board accordingly.

    In case of occurrence of an unlawful disclosure in despite of the entire administrative and technical measures taken, this condition shall be notified on the website of PDP Board or through any other means.


    11) Rights of the Personal Data Subject

    We inform the Personal Data Subject within the scope of our obligation for enlightenment and establishing system and infrastructures for the provision of information. We perform the technical and administrative arrangements required for the personal data subjects to exercise their rights regarding their personal data.

    The Personal Data subject shall have the following rights on their personal data;

    • Right to be informed on whether their personal data are processed or not,
    • Right to obtain related information on the details of the process,
    • Right to inquire the reason for processing their personal data and its conformity with legitimate purposes,
    • Right to obtain information on the third persons at home or abroad to whom their data are transferred,
    • Right to have inaccurate personal data rectified or completed if it is incomplete,
    • Right to request deletion or disposal of their personal data,
    • Right to request notification of the operations carried out to third parties to whom his personal data has been transferred,
    • Right to object in cases of exclusive processing of their personal data by automated systems which produce unfavourable effects to the data subject,
    • Right to claim compensation for damages arising from the unlawful processing of his personal data.

    11.1 Exercising rights related to personal data

    The Personal Data Subject is entitled to communicate his request related to his personal data by means of a method in case of defined by the PDP Board or by using the "LPPD Application Form" on our website at elk.kisiselverilerim@eaegroup.com in written and bearing the original signature or deliver to our registered mail eaeelektrikas@hs01.kep.tr signed with the secure signature.

    The Personal Data Subject, in his application to be filed to exercise the rights stated herein above and including explanations related to the right claimed to exercise, the matter claimed is required to be clear and comprehensive, the matter claimed is required to be related to the applicant or the applicant is required to be exclusively authorized in case the applicant acts on behalf of others and document such authorization, furthermore, the application is required to include the identification particulars and address details of the applicant and documentation certifying the identification particulars is required to be included in the application.

    The guardian or legal representative, in case the Related Person is a minor, is required to file the application related to the personal data including the documents stated herein above along with the ones certifying the identity of the Related Person. The said requests shall be filed on an individual basis and the requests related to the personal data filed by the third parties shall not be taken into evaluation.


    11.2 Evaluation of application

    11.2.1 Responding term of application

    Requests related to the personal data are concluded as soon as possible depending on the nature and within no later than 30 (thirty) days in any case, or against the fee indicated on the tariff in case of occurrence of the conditions in the tariff to be announced by the PDP Board regarding the fee.

    Additional information and documentation can be requested during the application or evaluation process of the application.


    11.2.2 Our Right to refuse the application

    The applications related to the personal data can be refused under the following conditions;

    • Provided that the personal data is processed for the purposes of official statistics and others such as research, planning and statistics by means of anonymizing the personal data,
    • For arts, history, literature or scientific purposes or within the scope of freedom of thought on condition not to breach the privacy or personal rights
    • For arts, history, literature or scientific purposes or within the scope of freedom of thought on condition not to breach the privacy or personal rights,
    • Processing of anonymized personal data by the Data Subject,
    • Application not based on a rightful ground,
    • Application contains a request in breach of the relevant legislation,

    application procedure not being followed.

    11.3 Procedure of application evaluation

    In order for the responding term stated in article 11.2.1 of this Policy to be initiated, the requests filed must be delivered in written and bearing original signature or electronic signature and through the registered mail or with the information and documents certifying the identity of the application through any other means determined by the PDP Board. The guardian or legal representative, in case the Related Person is a minor, is required to file the application related to the personal data including the documents stated herein above along with the ones certifying the identity of the Related Person.

    In case the request is accepted, relevant processes are applied and the applicant is notified in written or by electronic means. In case of refusal of the request, the applicant is notified on the justification of the refusal in written or by electronic means.

    11.4 Right to file complaint to personal data protection board

    In case the application is refused, unsatisfactory response or failure to respond in time, the applicant is entitled to file a complaint before the Personal Data Protection Board within 30 (thirty) days following the reception of the response and in any case 60 (sixty) days following the application date.

    12) Confidentiality Policy

    This Confidential Policy includes our policy related to your personal data while offering services on the Corporate website. In accordance with the Law on Protection of Personal Data No. 6698 on Acquisition and Processing of your Personal Data ("LPPD"), we hereby inform you that your personal data disclosed to us and requested by us acting with the capacity of the Data Controller strictly in connection to, limited and restricted to the processing purpose and period, shall be recorded, stored, maintained and re-regulated again within the framework of the purpose required and disclosed to the organizations and institutions authorized to request such personal data and transferred to domestic and overseas third parties, assigned, classified under the circumstances and conditions set forth by LPPD and processed in any other ways stipulated in LPPD. The User(s) hereby acknowledge(s) and agree(s) that they disclose their personal data such as name, surname, e-mail address, job applications on our website for the purpose of filing job application, filing their requests and suggestions, introducing themselves and closely following the user preferences, directly using the website or establishing communication on their freewill and with their explicit consent in accordance with the Law on Protection of Personal Data No. 6698, and such data is requested from them for the mere purposes of getting familiar with them, offering better services, and getting informed on the applications or complaints filed and site events and novelties and the website traffic data can be processed as hosting provider during their visits. Your personal data can be transferred to the legally authorized public authorities and organizations, private legal and real entities, including but not limited to ones operating in accordance with the Turkish Code of Commerce (TCC), Turkish Code of Obligations, Law on Protection of the Consumer, other relevant laws and regulations and other relevant legislation and regulations and entitled to record the identity, address and other required information and data for the determination of the information on the party performing the process within the scope of above-cited legislation, to issue the entire required vouchers, records and documentation indicating the process or on paper means, maintain and store the records and documentation for the periods stipulated in the laws within the scope of the relevant laws and legislation, including but not limited to; for the purposes of ensuring the process security in accordance with the relevant regulations, fulfilling the obligations of data retention, reporting, providing information set forth by public organizations and institutions, evaluating, storing, collecting the personal data disclosed during the job applications on verbal, written or electronic environment explicitly authorized by the law. Your entire personal data disclosed to our corporation shall be stored in strict abidance and compliance to the principles of confidentiality in accordance with Article 12 of the Law on Protection of Personal Data No. 6698. Your said personal data can only be disclosed to the corporate employees authorized to store and maintain such data and public organizations and institutions authorized to request such data pursuant to the explicit consent of the users, except the exceptions stipulated in the law/circumstances excluded.

    13) Corporate Premises Entrance and Exit and in-house Processing of Personel Data

    The entrance and exit processes of visitors and guests are monitored by a security camera within the premises of our Corporation (inside and outside) for the purpose of ensuring the security and sustaining the operations by our Corporation and the personal data is processed in accordance with the Constitution, LPPD and other relevant regulation. The camera images of our visitors are taken within the premises of our corporation, at the entrance of premises and within the building through the monitoring system for the purposes of ensuring the security, increasing the service quality and ensuring the security and safety of our Corporation, visitors and others and data processing is performed accordingly. Only a limited number of Corporate personnel has access to the records stored on the digital means and the confidentiality is ensured upon concluding a non-disclosure affirmative covenant. Live camera footages can be watched by the outsourced security personnel. In accordance with the article 12 of the LPPD, the required technical and administrative measures are taken to ensure the security of the personal data acquired as a result of the monitoring activities by cameras. The log records of your Internet access provided to our visitors are recorded in accordance with the Law No. 5651 and the governing provisions of the legislation regulated in accordance with this Law and these records are only processed when requested by authorized public institutions and organizations or to fulfillment our legal obligations in the audit processes to be performed within our Corporation. Only a limited number of Corporate personnel with the affirmative covenant on the non-disclosure have access to the log records acquired, and access these records only to be used upon request audit processes from authorized public institutions and organizations, and disclose such data to legally authorized persons. The activities of the persons visiting the websites owned and operated by our corporation are recorded in accordance with the Law and the relevant legislation for the purpose of ensuring to optimize the experience of our visitors.

    14) Deletion and Anonymization of Personal Data

    Although the person data is in accordance with Article 7 of the LPPD and other relevant laws (Article 138 of the Turkish Penal Code), in case the reasons for processing no longer exist, the personal data shall then be deleted or destroyed by the data controller, either ex officio, based on the decision of the Corporation or upon request of the personal data subject. The provisions stipulated in other laws related to the deletion or destruction of the personal data shall be reserved. Our corporation, as techniques for deletion or destruction, employs corporate specialist technical personnel or a contracted specialist for the deletion of the personal data in a non-retrievable manner, physically destruction of the personal data and secure deletion on the current software. The techniques employed for the anonymization process are as follows; consolidation, derivation, masking, mixed techniques and the personal data lawfully processed can be anonymized by our corporation or affiliates in case the purposes requiring processing shall no longer exist. As the anonymized personal data shall not within the scope of the LPPD, it can be processed for the purposes such as research and statistics.

    15) Release and Maintenance of the Document

    This Policy is stored by two different means as printed paper and electronic environment.

    16) Updating Frequency

    This Policy shall be reviewed in the intervals to be designated by the Corporation and updated, if required, within the principles determined in the law and regulation as well as in-house.

    17) Enforcement

    This Policy shall deemed to be inured upon being released environment, which is the Document Management System of our corporation and the corporate website.