Personal Data Protection Management System Policy
Our organization collects and processes personal data in compliance with the laws of Turkey and European Union Member States, primarily to protect individuals' fundamental rights and freedoms, including the right to privacy.
All our personal data processing activities are covered by our policy, including the processing of personal and sensitive personal data of customers, employees, suppliers, and business partners, as well as any data collected and processed from any source by the organization.
We take necessary technical and administrative measures to prevent the unlawful processing and access to personal data and to ensure its safe storage, conducting or having audits conducted as required.
Regarding personal data processing, we act in accordance with the law and principles of good faith, ensuring accuracy and, when necessary, keeping data up to date. We process personal data for specific, clear, and legitimate purposes, ensuring that it is relevant, limited, and proportional to those purposes.
Our organization retains personal data for the duration specified by law or as required by the purpose for which it is processed. We inform personal data owners and provide necessary information upon their request.
When processing sensitive personal data, we act in compliance with relevant regulations and do not carry out any activities without explicit consent, except in cases expressly provided for by law. Regarding the transfer of personal data, we act in accordance with legal regulations.
We continue to pursue personal data protection activities that are traceable, measurable, and evaluable, and raise awareness among internal and external parties regarding their obligations related to personal data protection.
Our organization conducts training programs to enhance both technical and behavioral competencies to increase awareness of personal data protection.
In managing personal data breaches, we follow disciplinary procedures and immediately inform the relevant authorities of any offenses or violations requiring penalties.
We constantly monitor the confidentiality, integrity, currency, and access rights to personal data through process-based asset inventories and risk assessments.
Our organization is committed to implementing, systematically managing, and continuously improving the Personal Data Protection Management System, as well as allocating the necessary resources for its needs.