Adezza Yapı Sistemleri A.Ş. Personal Data Protection, Processing, and Privacy Policy
1. Introduction
Our company, Adezza Yapı Sistemleri A.Ş. (“Data Controller” or “Company”), with this (“Policy”), establishes the procedures and principles it will follow regarding the obligations of all its stakeholders in the collection, processing, deletion, destruction, or anonymization of their personal data.
In this regard, in terms of personal data, under the Law No. 6698 on the Protection of Personal Data (“Law”); Job Applicants, Customers, Company Shareholders, Company Representatives, Visitors, Employees, Shareholders, and Representatives of the Institutions, Subcontractors, and Suppliers with Whom We Cooperate, and Third Parties, are considered as “Data Subjects”.
In accordance with the Law, the activities related to the processing of personal data carried out by the Company (“Data Controller”) are specified, and the aim is to ensure transparency by informing the data subjects and obtaining their explicit consent within the situations specified below. The Privacy Policy is published on the company’s website (https://www.adezza.com) and made available to the relevant persons upon request.
In line with this, this Privacy Policy (“Policy”) has been prepared to process personal data in full compliance with Law No. 6698 and to inform data subjects accordingly. Apart from this Policy, a separate “Adezza Yapı Sistemleri A.Ş. Employee Personal Data Processing Policy” has been prepared for company employees.
2. Scope
This Policy pertains to all personal data processed, whether through automatic means or as part of any data recording system, including non-automatic methods, of Job Applicants, Customers, Company Shareholders, Company Representatives, Visitors, Employees, Shareholders, and Representatives of the Institutions, Subcontractors, and Suppliers with Whom We Cooperate, and Third Parties.
For the data subjects mentioned above, the scope of application of this Policy may include the entire document or only certain provisions.
3. Legal Compliance
The applicable legal regulations regarding the processing and protection of personal data will take precedence. In the event of any conflict between the current legislation and this Policy, the Company acknowledges that the provisions of the applicable legislation will be followed.
4. Data Subject Categories
The data subjects whose personal data are processed within the scope of this Policy are categorized as follows:
- Job Applicants: Individuals who have applied for a job with the Company or have made their resumes and related information accessible to the Company through any means.
- Employees, Shareholders, and Representatives of Institutions, Subcontractors, and Suppliers with Whom We Cooperate
- Customers: Individuals whose personal data have been obtained due to their business relationships with the Company, regardless of whether there is a contractual relationship.
- Visitors: Individuals who have entered the physical premises of the Company for various purposes.
- Third Parties: Other individuals whose personal data are processed under this Policy, but who are not specifically defined here.
- Company Shareholders: Individuals who are shareholders of the Company.
- Company Representatives: Individuals who are members of the board of directors or other authorized persons within the Company.
5. Definitions
The following terms carry the meanings stated below throughout this Policy text:
- Explicit Consent: Consent expressed freely and based on being informed about a specific matter.
- Anonymization: The process of rendering personal data such that it can no longer be associated with any identifiable person, even when matched with other data.
- Personal Data: Any information related to an identified or identifiable natural person.
- Special Categories of Personal Data: Sensitive data such as race, ethnicity, political views, philosophical beliefs, religion, sect, and health information.
- Processing of Personal Data: Any operation performed on personal data, such as collection, storage, or alteration.
- The Board: Personal Data Protection Board.
- Policy: The Company’s Personal Data Protection and Processing Policy.
- Data Processor: A person authorized to process data on behalf of the data controller.
- Data Controller: The person who determines the purposes and means of processing personal data.
6. Personal Data Processed Under This Policy
The matters regarding the processing of personal data related to Job Applicants, Customers, Company Shareholders, Company Representatives, Visitors, Employees, Shareholders, and Representatives of the Institutions, Subcontractors, and Suppliers with Whom We Cooperate, and Third Parties are regulated under this Policy in compliance with the Law.
7. Data Processing Boundaries
Personal data obtained with the consent of the data subject or based on other legitimate reasons specified in the Law will be processed in accordance with the purposes or legal grounds mentioned in this Policy or in the informed consent of the data subject. Once the legal basis for processing no longer exists, or consent is withdrawn or not provided, all personal data will be deleted, destroyed, or anonymized.
8. Purpose of the Privacy Policy
- To transparently specify what information is collected and what it is used for.
- To protect the rights of data subjects and third parties under the Law.
- To clarify how shared information is used.
9. Consent for Information
Data subjects acknowledge that they have been informed and consent to the use of their personal data as outlined in this document.
10. Types of Personal Data (Categories)
- Identity Information: Name, surname, T.C. Identity number, date of birth, etc.
- Contact Information: Phone number, email, IP address
- Customer Information and Transaction Information
- Transaction Security Information
- Risk Management Information
- Financial Information
- Job Applicant Information
- Legal Process Information
- Audit Information
- Special Categories of Personal Data
- Marketing Information
- Physical Location Security Information
- Visual/Audio Information
- Request/Complaint Management Information
11. Anonymous Data
Data anonymized under the Law is not considered personal data and is not covered by this Policy.
12. Conditions for Data Processing
Personal data may be processed in accordance with the legal grounds specified in Articles 5 and 6 of the KVKK. These include:
- Explicitly foreseen by law
- Impossibility of obtaining consent due to physical impossibility
- Related to the establishment or performance of a contract
- Legal obligation of the data controller
- Publicly available data
- Mandatory data processing for the establishment of a right
- Legitimate interest justification
13. Cases Requiring Explicit Consent
Cases where explicit consent is required for personal data processing are clearly specified. These purposes include:
- Customer relationship management
- Corporate communication activities
- Human resources processes
- Security, audit, and legal processes
- Information technology processes
14. Communication and Statistical Use
Data can also be used for communication, statistical analysis, or market research.
15. Employee and Candidate Data
The data of employees and job candidates are further regulated under contracts and legal obligations.
16. Camera and Physical Location Security
Security cameras are used to monitor premises in compliance with the KVKK. Warning signs are placed in the monitored areas, and camera recordings can only be accessed by authorized personnel.
17. Data Sharing
Personal data may be shared with third parties, such as business partners, law firms, public institutions, etc., to provide services and fulfill legal obligations.
18. Personal Data Transfer
Personal data may be transferred to third parties and public institutions within the legal exceptions.
19. International Transfers
Data may be transferred to countries with adequate protection or data controllers who provide protection under the conditions specified in the KVKK.
20. Transfer of Special Categories of Data Abroad
Special categories of personal data related to health and sexual life may only be transferred to authorized persons and institutions under the circumstances specified by law.
21. Continuity of Processing and Transfer Purposes
Personal data processing and transfer will be carried out in accordance with Articles 5 and 6 of the KVKK.
22. Data Subject Rights
Under Article 11 of the KVKK, data subjects have the following rights:
- To learn whether their data is processed
- To request correction, deletion, or destruction of data
- To learn the recipients of the data
- To request compensation in case of damage
23. Application Procedure
Applications should be made in writing or through the methods determined by the Personal Data Protection Board to the company address:
Address:
Adezza Yapı Sistemleri A.Ş. ASO 2. OSB. 2014 Cad. No: 22 Sincan / ANKARA
24. Response Time to Applications
Applications will be answered free of charge within 30 days. If additional costs arise, the tariff set by the Personal Data Protection Board will apply.
25. Updates
The Privacy Policy may be updated to comply with changing regulations and conditions.
26. Retention Period
Data will be retained for the duration of legal obligations or as long as required by the purpose of processing. After the required period, data will be deleted, destroyed, or anonymized.
27. Accuracy
Data subjects should notify the Company of any changes to their personal information.
28. Implementation and Obligations
Internal procedures have been established to ensure compliance with the KVKK. This Policy, along with clarification texts, is provided to the data subjects.