The protection of personal data is among the top priorities of our company. The most important pillar of this issue is, by governing this policy, the protection and processing of the personal data of our customers, potential customers, candidate employees, company shareholders, company officials, visitors, as well as employees, shareholders and authorities of the institutions we cooperate, and third parties.
This policy sets out the principles to be adopted and considered in terms of implementation by Özak Global Holding Şirketleri regarding the processing and protection of personal data. This policy determines the functions to be fulfilled by Özak Global Şirketleri and sets out the basic principles on how to comply with the regulations stipulated in the Law on the Protection of Personal Data No. 6698 (KVKK). In this sense, the administrative and technical measures to be taken by Özak Global Holding Şirketleri are examined to protect personal data processed in compliance with the relevant legislation.
The main purpose of this policy is to provide information on the personal data processing activities conducted in accordance with the law by Özak Global Holding Şirketleri, and on the systems adopted for the protection of personal data. In this context, our aim is to ensure transparency by informing people, notably our customers, potential customers, candidate employees, company shareholders, company officials, visitors, as well as employees, shareholders and authorities of the institutions we cooperate, and third parties, whose personal data are processed by Özak Global Holding Şirketleri.
This policy relates to all personal data of our customers, potential customers, candidate employees, Company shareholders, Company officials, visitors, as well as employees, shareholders and authorities of the institutions we cooperate, and third parties, processed through automated means or provided that they are part of any data registry system through non-automated means.
This Policy may be amended from time to time by the approval of the Board of Directors, if stipulated by the KVK Regulations or when deemed necessary by the Company's Data Controller.
The Policy, developed by our company, will be updated in the event of a renewal of the entire or certain provisions.
The policy is published on our Company's website and made available to the relevant persons upon request of the personal data subjects.
Explicit Consent:
Consent about a specific subject based on the information and expressed in free will.
Anonymization:
The modification of personal data in such a way that they lose their personal data feature and that this condition cannot be recovered. For instance, making personal data unassociated with a real person with techniques of masking, consolidation, data destruction, etc.
Candidate Employee:
Real persons who have applied for a job in any way to our Company or have opened their background and related information for inspection by our Company.
Employees, Shareholders, and Authorities of the Institutions we Cooperate:
Real persons, including shareholders and authorities of the institutions, who work in these institutions (including, but not limited to as a business partner, supplier, etc.) with which we have developed any kind of business relation.
Personal Data Subject:
Real person whose data are processed. For example; Customers and employees.
Personal Data:
Any information related to the identified or identifiable real person. The processing of data relating to legal persons is hereby not within the scope of the Law. For instance; name-surname, TR identity number, e-mail, address, date of birth, credit card number, etc.
Customer:
Real persons who used or have been using the products and services offered by our company.
These data are the personal data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and the biometric and genetic data.
Potential Customer:
Real persons who have the potential to do business with our company, who might want to work, who have purchasing power, but we have not reached yet, and whom we have not sold anything even if reached.
Company Shareholders:
Real persons who are shareholders of our company.
Company Authority:
Executive board members of our company and other authorized real persons.
Data Processor:
A real and legal person who processes personal data on his behalf on the basis of the authority conferred by the data controller.
Visitor:
Real persons who have entered our physical premises with various purposes or visited our websites.
Our Company, in accordance with Article 12 of the Law on KVK, takes the necessary technical and administrative measures to ensure that the appropriate level of security is maintained so as to prevent illegal processing of personal data, to prevent illegal access to data, as well as to ensure data retention; within this scope, it performs required inspections or has these inspections done.
Our Company takes technical and administrative measures considering technological facilities and application cost so as to ensure that personal data is processed in accordance with the law; to prevent indiscreet or unauthorized disclosure, access, transfer, or other unlawful access of personal data; to prevent them from being stored in unsecure environment and being illegally destroyed, lost or altered.
Our Company performs the required audits within its own body in accordance with Article 12 of the Law on KVK. The results of these audits are reported to the concerned department in line with the Company's internal operation procedures, and required activities are carried out to improve the measures taken.
In case that others obtain personal data processed in accordance with Article 12 of the Law on KVK through illegal means, our company operates a system that allows this situation to be notified to the concerned personal data subject and the KVK Board as soon as possible.
If deemed necessary by the KVK Board, this may be announced on the website of the KVK Board or by any other means.
Our Company exploits required channels, internal working procedures, administrative and technical regulations in accordance with Article 13 of the Law on KVK to evaluate the rights [and complaints] of personal data subjects and to provide them with necessary information.
In the event that personal data subjects submit their complaints in writing to our Company regarding their rights stipulated in the Law on KVK, our company concludes the complaint as soon as possible and free of charge within 30 days at the latest depending on the nature of the complaint. However, if the process requires an additional cost, our Company will charge the tariff determined by the KVK Board.
The data controller accepts or rejects the complaint and notifies the concerned in writing or electronically. In case the complaint mentioned in the application is found acceptable, the data controller does the necessary. In the event that the application is made due to a mistake of the data controller, the fee shall be returned to the person concerned.
In accordance with Article 4 of the Law on KVK, Özak Global Şirketleri conducts data processing activities in compliance with the law and good faith.
Our Company retains personal data as long as required by law or as required for personal data processing purposes.
Özak Global Holding Şirketleri processes personal data on the basis of certain requirements of Article 5 of the Law on KVK about personal data processing.
Özak Global Holding Şirketleri elucidates personal data subjects and informs them when requested information in accordance with Article 10 of the Law on KVK.
Özak Global Holding Şirketleri complies with the regulations envisaged for the processing of data of special nature, pursuant to the provisions of Article 6 of the Law on KVK. In accordance with Articles 8 and 9 of the Law on KVK, Özak Global Holding Şirketleri complies with the regulations stipulated by the Law and set forth by the KVK Board on the transfer of personal data.
Özak Global Holding Şirketleri acts in accordance with the principles set out by legal regulations and general trust and good faith in the processing of personal data. In this context, our Company takes into consideration the proportionality requirements in the processing of personal data and does not use personal data other than for its intended purpose.
Özak Global Holding Şirketleri ensures that processed personal data are accurate and up-to-date, taking into account the fundamental rights of personal data subjects and their legitimate interests. In this respect, our company takes the necessary measures.
Özak Global Holding Şirketleri processes personal data for specific, explicit and legal reasons. Özak Global Holding Şirketleri should identify the purpose for which personal data will be processed, and should provide data subjects with this purpose before their personal data is processed. Personal data should not be processed for the purposes other than those specified. The purposes of data processing identified by Özak Global Holding Şirketleri shall be legitimate and lawful.
Özak Global Holding Şirketleri processes personal data in a way to achieve the identified purposes and avoids the processing of personal data that is not required or not related to the realization of the purpose. For example, our company is not conducting personal data processing to meet probable needs.
Özak Global Holding Şirketleri retains personal data only for the period specified in the relevant legislation or for the purpose for which they were processed. In this context, our company determines whether a period has been stipulated for the storage of personal data in the relevant legislation; if this is the case, it takes into account this period; otherwise, it retains personal data for the time period required for the purpose for which they were processed.
Should you share with us, or if required, your personal data and the data of special nature which may be subject to our processing are as follows:
Name, Surname, Place of birth, Date of birth, Gender, Marital status, Photo, Home Phone Number, Cell Phone Number, Personal e-mail address, Personal Identifying Information, Address, Surveys, Photos conveyed for Form filling and contests, Video recordings, any other personal data you share with us in any way through the channels above, information about your usage of the goods and services we offer, personal data collected automatically by automatic search engines, image and sound recording devices, cookies or other means, social media tools, updated information that our business partners, suppliers, and other third parties share with us based on your prior consent, page display information; information such as search term and search results, and other personal data such as paid listings and sponsored links.
Pursuant to the Law No. 6698 on the Protection of Personal Data, in Data Controller's capacity, we will be able to process any kind of personal data and data of special nature that you share with our company, by conducting any kinds operation on them, such as retrieving in whole or in part through automated means or provided that they are part of any data registry system, through non-automated means, and registering, storing as long as they required for the processing purpose, preserving, modifying, reorganizing, disclosing, transferring, making acquisition, making retrievable, classifying or preventing of use.
Our Company elucidates personal data subjects during the retrieving of personal data in accordance with Article 10 of the Law on KVK. In this sense, we provide information on for what purpose personal data will be processed, to whom and for which purpose personal data can be transferred, personal data retrieving method, and legal rights of the personal data subject.
Article 11 of the Law on KVK mentions "request information" as one of the rights of the personal data subject. Our company, pursuant to this provision, provides the necessary information should the personal data subject requests information.
Our company processes personal data in accordance with the terms and conditions specified in the 2nd Subclause of article 5 and 3rd subclause of article 6 of the Law on the Protection of Personal Data numbered 6698. These terms and conditions are as follows:
In the absence of these conditions, the Company seeks the explicit consent of the personal data subjects to process personal data.
Under the above conditions, our Company may process personal data for, including but not limited to, the following purposes:
In the case that personal data subject does not give his/her explicit consent, it should be understand that our business units may carry out personal data processing for purposes that do not require explicit consent of the personal data subject, as specified in the first paragraph, and may carry out data processing which remains outside the scope of the same purpose for data processing; rather than that not to carry out any data processing.
In processing personal data designated as "data of special nature" by the Law on KVK, our Company strictly adheres to the regulations stipulated in the Law.
In Article 6 of the Law on KVK, a set of personal data, when illegally processed, which have the risk of causing unjust suffering or discrimination, are identified as "data of special nature". These data are the personal data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions, and security measures, and the biometric and genetic data.
Our company may transfer personal data, in line with legitimate and legal personal data processing purposes, to third parties on the basis of one or more of the personal data processing conditions specified in Article 5 of the Law listed below:
Our company may transfer personal data of special nature of the personal data subject to third parties in the following cases in line with legitimate and legal personal data processing purposes, by showing due diligence, taking required security measures, and adequate measures stipulated by the KVK Board.
Özak Global Holding websites are the sites that use cookies. Cookies; is a file consisting mostly of letters and numbers, being stored in the internet browser or on the hard disk of the device in use by allowing the device to be recognized. Özak Global Holding websites store information collected through cookies, log files, blank gif files, and/or third-party resources to form a summary of your preferences.
We use two types of cookies on our websites; session cookies and persistent cookies. Session cookies are temporary cookies that are valid only until you close your browser. Persistent cookies remain on your hard disk until you delete them or they expire (in this option, how long cookies remain on the device will depend on the lifetime of the cookies).
Websites use cookies to remember your preferences and customize your website/mobile application. This includes cookies that save your user password and allow you to stay your website/mobile application logged continuously in, thus saving you the trouble of entering passwords more than once for each visit, and includes the cookies that remember and recognize you on your next visit to the website/mobile app.
These cookies are used to determine how you use the website/mobile application, and to measure the parameters such as the duration of your visit, including where you connect to the web site, what content you view on the website/mobile app, and how you use the website/mobile app.
The website may also use cookies to activate advertising technology to provide you with ads that may be of interest to you when you visit the search engines, website, mobile app, and/or websites that the website advertises. To offer you specific ads, advertising technology uses information about your previous visits to the website/mobile app and to the websites/mobile applications that the website advertises. In the course of offering these advertisements, a unique third-party cookie may be stored on your browser so that the website can recognize you.
Özak Global Holding also uses Google Analytics, a web analysis service provided by Google Inc. Google Analytics uses cookies to analyze how users use the website, mobile app, and/or mobile site, by statistical information/reports.
You can use the following methods to allow and deny cookies:
To have information about cookies and cookie management, in addition to the above options, you can visit https://www.allaboutcookies.org and https://www.youronlinechoices.eu/, or use the "Privacy Badger" application (https://www.eff.org/tr/privacybadger).
If you deny persistent cookies or session cookies, you may continue to use the website, mobile app, and mobile site, but you may not be able to access all their functions, or you may have limited access.
Information about cookies on our website is listed in the following table:
Remembering your preferences of functional and analytical cookies contain data on the effective use of the website, optimizing the site to meet user requests, and how visitors use the site. By their nature, such cookies may contain personal information, such as the user name.
| Platform | Purpose of Use of Cookies | Type of Cookie |
|---|---|---|
| Google (analytics, adwords, doubleclick,adform) | Measurement, Advertising, In-Site optimization | Functional and analytics cookies Commercial cookies |
| Facebook & Instagram, Youtube, Tiwitter, Linkedin | Advertising | Commercial cookies |
| Insider | Measurement, Advertising, In-Site optimization | Functional and analytics cookies Commercial cookies |
| Hotjar | Measurement In-site optimization | Functional and analytics cookies Commercial cookies |
| Üçüncü taraf firmalar (admatic, , taboola, biddablead, v,dout,adventure, advancenative, performics, programatik, criteo v.b.) | Advertising | Functional and analytics cookies Commercial cookies |
Our Company stores personal data, where stipulated in the relevant laws and regulations, for the period stated in these legislations.
In cases where the legislation does not regulate the period of retention for how long personal data should be stored, personal data is processed for a period, which requires the processing of our data in accordance with the requirements of our Company's practices and precedents of commercial activities, depending on the services offered by our Company, and they shall be then erased, destroyed or anonymized.
If the purpose of processing the personal data expires, and the relevant legislation becomes obsolete, and the retention periods determined by the Company also comes to close, personal data can only be stored for the purposes of potential legal disputes, or claims on related rights linked to personal data, or preparations of statement of defense.
KVK Kanunu’nun 7. maddesinde düzenlendiği üzere ilgili kanun hükümlerine uygun olarak işlenmiş olmasına rağmen, işlenmesini gerektiren sebeplerin ortadan kalkması hâlinde Şirketimizin kendi kararına istinaden veya kişisel veri sahibinin talebi üzerine kişisel veriler silinir, yok edilir veya anonim hâle getirilir. Bu kapsamda Şirketimiz ilgili yükümlülüğünü bu bölümde açıklanan yöntemlerle yerine getirmektedir.
Şirketimiz ilgili kanun hükümlerine uygun olarak işlenmiş olmasına rağmen, işlenmesini gerektiren sebeplerin ortadan kalkması hâlinde kendi kararına istinaden veya kişisel veri sahibinin talebi üzerine kişisel verileri silebilir veya yok edebilir. Kişisel verilerin silinmesi, yok edilmesi gereken durumlar veri sorumlusu ve komite tarafından takip edilir.
Kişisel verilerin anonimleştirilmesi, kişisel verilerin başka verilerle eşleştirilerek dahi hiçbir surette kimliği belirli veya belirlenebilir bir gerçek kişiyle ilişkilendirilemeyecek hâle getirilmesini ifade eder. Şirketimiz, hukuka uygun olarak işlenen kişisel verilerin işlenmesini gerektiren sebepler ortadan kalktığında kişisel verileri anonimleştirebilmektedir.
In compliance with article 10 of the PDP Law, our Company notifies to the personal data subjects the groups of persons to whom the personal data are transferred.
In compliance with articles 8 and 9 of the PDP Law, our Company may transfer the customers’ personal data to the below-listed categories of persons:
Our Company carries out personal data processing activities in buildings, premises and entrance locations in compliance with the Constitution, the PDP Law and the other related legislation.
In order that the security is ensured by our Company, our Company conducts monitoring activities by means of security cameras in its buildings and premises as well as personal data processing activities for tracking of guests’ entrances and exits.
Our Company conducts personal data processing activities by use of security cameras and recording of guests’ entrances and exits.
In this context, our Company acts in compliance with the Constitution, the PDP Law and the other related legislation.
This Section provides explanations on our Company’s camera-surveillance system and furnishes information on how the personal data, privacy and individuals’ fundamental rights are taken under protection.
The purposes of security camera-surveillance activities are to improve the quality of the services provided, ensure the reliability, ensure the security of the Company, the customers and other persons and protect the interests of the customers on the services they receive, etc.
Our Company conducts and continues performing camera-surveillance activities in compliance with the Law on Private Security Services and the related legislation.
In the conduct of camera-surveillance activities for security purposes, our Company acts in compliance with the provisions contained in the PDP Law.
Our Company carries out security camera-surveillance activities in order to ensure security in its buildings and premises, for the purposes prescribed by the laws and in compliance with the personal data processing conditions listed in the PDP Law.
Our Company elucidates personal data subjects, in compliance with article 10 of the PDP Law.
Thus, it is aimed that the fundamental rights and freedoms of personal data subjects are prevented from being harmed and that transparency and elucidation of personal data subjects are ensured.
In accordance with article 4 of the PDP Law, our Company processes personal data in such a way in connection with and limited to the personal data processing purposes and in compliance with the principle of proportionality.
The purposes of conducting video camera-surveillance activities by our Company are limited to the purposes referred to in this Policy. Accordingly, the security camera coverage, the number of security cameras and the matter “when surveillance activities will be carried out” are put into practice in such a way adequate for the achievement of the security purposes and limited to these purposes. Video camera- surveillance activities are not carried out in areas (e.g. toilets) where personal privacy takes precedence over the security purposes.
In compliance with article 12 of the PDP Law, our Company takes the technical and administrative measures necessary for ensuring security of the personal data obtained in result of camera-surveillance activities.
Detailed information on the retention period of the personal data obtained by our Company through camera-surveillance activities is provided in the Section of this Policy, bearing the heading “Personal Data Retention Periods”.
The records saved and stored in digital environment are only accessible by a limited number of Ozak Global Holding employees. Live footages can be viewed by the outsourced security guards. The limited number of persons who have access to the records declare, in their confidentiality undertakings, that they shall protect the confidentiality of the data they will access.
Our Company carries out personal data processing activities for the tracking of guests’ entrances-exits in the Ozak Global Holding’s buildings and premises, in order to ensure security and for the purposes specified in this Policy.
While obtaining the names and surnames of the persons who visit the Ozak Global Holding’s buildings as a guest, or by means of the texts posted at the Company or otherwise made available for access of the guests, these personal data subjects are elucidated in this context. The data obtained with a view to the tracking of the guests’ entrances-exits are processed only for this purpose, and the relevant personal data are recorded into the data recording system in physical environment.
In order to ensure security and for the purposes specified in this Policy, our Company can provide internet access with our quests who make this request, during their stay in our buildings and premises. In this case, the log records related to your internet access are saved in accordance with the Law No. 5651 and the mandatory provisions of the legislation issued under this Law; and these records are processed only in case the competent public institutions and organizations request these records, or in order to fulfill its relevant legal obligation in the audit processes to be performed within the Company.
The log records obtained within this framework are only accessible by a limited number of Ozak Global Holding employees. The Company employees who have access to these records access to these records only to use them for the audit processes or the requests received from competent public institutions and organizations, and the Company employees share these records with legally authorized persons. The limited number of persons who have access to the records declare, in their confidentiality undertakings, that they shall protect the confidentiality of the data they will access.
In compliance with article 10 of the PDP Law, our Company informs the personal data subjects of their rights, and guides them on how to exercise these rights. In compliance with article 13 of the PDP Law, our Company conducts the administrative and technical regulations, the internal functioning and the channels necessary for the evaluation of the personal data subjects’ rights and for the provision of the necessary information to the personal data subjects.
Article 11 of the Personal Data Protection Law No. 6698 entered into force on 07 October 2016; and the following are your rights you may exercise by virtue of the relevant article as of that date. Everyone is entitled to apply for the data controller and thus, has the following rights:
Since the following cases are excluded from the scope of the PDP Law by virtue of article 28 of the PDP Law, personal data subjects are not allowed to claim their foregoing rights in these following cases:
By virtue of article 28/2 contained in the PDP Law, personal data subjects are not allowed to claim their rights, with the exception of the right to request for compensation of the damages, in the following cases:
As per the first paragraph contained in article 13 of the PDP Law, it is necessary that the applications, which will be submitted to our Company -namely the data controller- in relation to these rights, are transmitted in writing or through other methods determined by the Personal Data Protection Board (“Board”). Within this framework, the applications that will be submitted “in writing” to our Company may be conveyed to us:
Trade Name: Özak Global Holding A.Ş.
Central Registration System (MERSIS) No : 0662078541700017
E-mail Address: ozakglobal@hs01.kep.tr
Mail Address: İkitelli OSB Mah.10 Cad. 34 Portall Plaza No:7D/8 Başakşehir - İstanbul
In case the application is rejected, the reply is found insufficient, or in case the application is not replied in due time, the data subject may -as per article 14 of the PDP Law- file a complaint before the PDP Board within thirty days following the date he/she learns the reply of the data controller and in any event, within sixty days following the application date.
In the event that personal data subjects duly submit their requests to our Company, our Company will conclude the request as soon as possible or within thirty days at the latest, free of charge depending on the nature of the request.
However, if the transaction requires an additional cost, our Company shall collect a fee from the applicant as specified in the tariff determined by the PDP Board.
In order to identify whether or not the applicant is a personal data subject, our Company may request information from the relevant person.
In order to clarify the matters contained in the personal data subject’s application, our Company may address questions to the personal data subject in relation to his/her application.
In the following cases, our Company may reject the applicant personal data subjects’ applications by explaining the justifications:
Our Company has established a governance structure in order to ensure compliance with the provisions of the PDP Law and secure the effectiveness of the Personal Data Protection and Processing Policy.
In virtue of the resolution taken by the Company’s top management, a “Personal Data Protection Committee” has been constituted within the body of the Company in order to manage this Policy and the other policies that are in connection or associated with this Policy. The tasks of this Committee are specified below.