PRIVACY POLICY

1. Our company, TETRAMAR DOĞAL TAŞ MERMER SANAYİ VE TİCARET LTD. ŞTİ. (“Company”) determines the obligations under this (“Policy”) and the procedures and principles that all interlocutors are subject to in obtaining, processing, deleting, destroying or anonymizing their personal data on our company’s website (www.tetramar.com).

Within the scope of the Turkish Law on Protection of Personal Data (“Law”) Article #6698, Employee Candidates, Employees, Shareholders, Customers, Company Shareholders, Company Officials, Visitors, Institutions that we Collaborate with, Sub-employers and Suppliers and Third Parties are considered as (“Data Owner”) in regards to personal data.

In accordance with the law, the terms and conditions regarding the activities that are subject to personal data processing carried out by the company (“Data Controller”) are included, and it is aimed to inform the data owners to ensure transparency and to obtain their express consent within the scope of the situations detailed below. The “Policy” is made available to the relevant authorities upon the request of “Data Owners”.

Accordingly, this “Policy” has been prepared in order to process personal data in full compliance with the “Law” and to inform data owners in this context. Apart from this “Policy”, “Company” has a separate policy in place regarding the Processing of Personal Data of Employees.

2. This “Policy” concerns all the personal data received from Employee Candidates, Customers, Company Shareholders, Company Officials, Visitors, Employees, Shareholders and Authorities of the Institutions that we Collaborate with, Subcontractors and Suppliers, and Third Parties via all the automatic or partially automatic processes or any non-automatic processes that are part of any data recording system, especially regarding your personal data.

The scope of application of this “Policy” regarding the groups of personal data owners in the above-mentioned categories may be the whole of the “Policy” or only some of its provisions.

3. Relevant legal regulations in effect on the processing and protection of personal data are applicable. In case of an inconsistency between the current legislation and the “Policy”, the “Company” accepts that the applicable legislation will override the “Policy”.

4. Data owners whose personal data are processed within the scope of the “Policy” are categorized as follows:

    • Employee Candidates: Real persons who apply for a job at “Company” by sending their resume and relevant personal information electronically or by any other means.
    • Employees, Shareholders and Authorities of the Institutions that we Collaborate with, Subcontractors, Suppliers: Employees, shareholders and officials of institutions, subcontractors, suppliers that have a business relationship with the “Company”.
    • Customers: Real persons whose personal data are obtained due to business relations within the scope of the activities carried out by the “Company”, regardless of whether there is any contractual relationship or not.
    • Visitors: Real persons who visit the websites or physical facilities of the company for various purposes.
    • Third Parties: Although not defined in the “Policy”, other real persons whose personal data are processed within the framework of this “Policy”.
    • Company Shareholder: The shareholders of the “Company”.
    • Company Official: Member of the “Company”‘s Board of Directors and other authorized real persons.

  • 5. In the implementation of this “Policy” the following definitions are used:
    • Open Consent: Consent about a specific subject, based on information and expressed with free will.
    • Anonymization: It is the rendering of personal data in a way that cannot be associated with an identified or identifiable real person, even by matching with other data.
    • Personal Data: Any information belonging to an identified or identifiable real person.
    • Private Personal Data: Data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are private personal data.
    • Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or blocking the personal data via an automatic or partially automatic processes or any non-automatic processes that are part of any data recording system.
    • Board: Personal Data Protection Board
    • Policy: It is the Company’s Policy on the Protection and Processing of Personal Data.
    • Data Operator: It is the real and legal person who processes personal data under the supervision of the Data Controller.
    • Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system).

  • 6. Matters related to the processing of personal data regarding our “Company”‘s Employee Candidates, Customers, Company Shareholders, Company Officials, Visitors, Employees, Shareholders and Officials of the Institutions that we Collaborate with, Subcontractors and Suppliers and Third Parties are held within the scope of this “Policy” text in accordance with the “Law”.

    7. Personal data obtained with the consent of the “Data Owner” or due to other legitimate reasons listed in the “Law”, are processed limited to the extent required by the purpose or legal basis specified in the informed consent of the data subject in this policy. All your personal data will be deleted, destroyed or anonymized in cases where consent is absent or withdrawn after the legal basis has disappeared.

    8. With the Privacy Policy, it is intended:

    • To reveal what information belonging to the “Data Owner” has been collected and what has been done or not done with that particular data,
    • To determine the responsibilities of the “Data Owner”, “Data Controller” and third parties in terms of protecting their rights and privacy within the scope of the law,
    • To explain the use of shared information in order to provide a functional and useable service.

  • 9. Reading this text, the “Data Owners” accept that they have been informed about the processing of their personal data and Privacy Policy and that they have given their consent to the use of their personal data as specified here.

    10. The personal data processed by the Data Controller are categorized in accordance with the Personal Data Protection Law “Law” as stated below. Unless expressly stated otherwise, the term “Personal Data” will include the information below within the scope of the terms and conditions provided under this Privacy Policy.

    • Credentials: Not being limited to name, last name, Identity number, nationality information, parents’ names, place of birth, date of birth, gender and social security number; all the information contained in documents such as driver’s license, identity card, residence.
    • Communication Information: Clearly belonging to an identified or identifiable real person; processed partially or fully automatically or non-automatically as part of the data recording system; information such as telephone number, address, e-mail address, fax number, IP address.
    • Customer Information: Information obtained and produced about the person concerned as a result of our commercial activities and the operations carried out by our business units in this context.
    • Customer Transaction Information: Information such as records for the use of our products and services, and the customer’s instructions and requests for the use of products and services.
    • Transaction Security Information: Personal data processed to ensure technical, administrative, legal and commercial security during the execution of commercial activities.
    • Risk Management Information: Personal data processed through the methods used in accordance with the generally accepted legal, commercial practices and good faith in these areas so that we can manage our commercial, technical and administrative risks.
    • Financial Information: Personal data processed for information, documents and records showing all kinds of financial results created according to the type of legal relationship established with the personal data owner.
    • Employee Candidate Information: Personal data processed about individuals who have applied to be a company employee or who have been evaluated as an employee candidate in line with the human resources needs of our company in accordance with commercial practices and honesty rules, or who are in a working relationship.
    • Legal Transaction Information: Personal data processed within the scope of determination and follow-up of our legal receivables and rights and performance of our debts.
    • Inspection Information: Personal data processed within the scope of the company’s legal obligations and compliance with company policies.
    • Special Class Personal Data: As stated in Article 6 of the Personal Data Protection Law; Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
    • Marketing Information: Personal data processed for the marketing of our products and services by customizing them in line with the usage habits, tastes and needs of the personal data owner, and the reports and evaluations created as a result of these processing results.
    • Physical Space Security Information: Clearly belonging to an identified or identifiable real person; processed partially or fully automatically or non-automatically as part of the data recording system; Personal data regarding the records and documents taken at the entrance to the physical space, during the stay in the physical space; camera recordings and recordings taken at the security point, etc.
    • Audio/Visual Information: Clearly belonging to an identified or identifiable real person; Photographs and camera recordings (excluding the recordings included in the Physical Space Security Information), audio recordings and data contained in documents that are copies of documents containing personal data.
    • Request / Complaint Management Information: Personal data regarding the receipt and evaluation of any request or complaint directed.

  • 11. Data that has been anonymized in accordance with Articles 3 and 7 of the Personal Data Protection Law will not be considered as personal data and the processing activities regarding this data will be carried out without being bound by the provisions of this Privacy Policy.

    12. Our company processes personal data in accordance with the basic principles in Article 4 of the Personal Data Protection Law and the principles set forth in this “Policy”. In addition, personal data is also processed, limited to the purposes and conditions specified in the personal data processing conditions specified in the 2nd paragraph of the 5th article and the 3rd paragraph of the 6th article of the Law. These purposes and conditions are as follows:
    • It is clearly stipulated in the laws,
    • It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally recognized,
    • It is necessary to process personal data, provided that it is directly related to the establishment or performance of any contract between the data owner and the data controller,
    • It is mandatory for the data controller to fulfill its legal obligations,
    • It has been made public by the data owner himself,
    • Data processing is mandatory for the establishment, exercise or protection of a right,
  • Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner.

    On the other hand, the Law includes biometric data regarding the race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures. and genetic data as “special quality” or “sensitive” personal data and stipulated more severe conditions for their processing. Accordingly, special categories of personal data can only be processed under the following conditions, except in cases where express consent is obtained from the data owner:

    • Data regarding race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership of associations, foundations or trade unions, criminal convictions and security measures, and biometric and genetic data of individuals may be processed in the cases stipulated by the laws.
    • Personal data related to health and sexual life can only be processed by persons or authorized institutions and organizations that are under the obligation to keep confidential, for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

  • 13. In the absence of the above-mentioned conditions, the “Company” seeks the express consent of personal “Data Owners” to process personal data. In this context, personal data can be processed for the following purposes, including but not limited to:

    • In line with the purpose of carrying out the necessary works to benefit the personal data owners from the products and services offered by the “Company”; follow-up of contract processes, customer relations, execution of sales processes, legal follow-up, follow-up of customer requests and / or complaints,
    • Carrying out necessary studies for the realization of commercial activities carried out by the company, planning corporate communication activities, ensuring business continuity, establishing information technology infrastructure, monitoring financial affairs, executing corporate governance activities, analyzing business activities, planning business partners and suppliers’ access to information. and execution, planning and execution of business activities, planning and execution of research and development activities,
    • In line with the purpose of planning and executing the company’s human resources policies and processes; Fulfilling the obligations of employees and employee candidates arising from employment contracts and legislation, providing the products and services needed to carry out business activities, monitoring and auditing business activities, planning and executing fringe benefits and benefits, conducting personnel procurement processes, planning performance evaluation processes, company Planning and execution of in-house training activities, planning of human resources processes, planning and execution of human resources needs required for production,
    • In line with the aim of ensuring the legal and commercial security of persons who have a business relationship with the Company; Planning and execution of operational activities required to ensure that company activities are carried out in accordance with company procedures and relevant legislation, planning and execution of occupational health and safety processes, informing authorized institutions based on legislation, follow-up of legal affairs, creation and follow-up of visitor records, company campuses and/or ensuring the security of its facilities, ensuring the security of company operations, planning and executing company audit activities, ensuring that the data is accurate and up-to-date, planning and execution of the company’s financial risk processes.

  • The “Company” mainly aims to obtain the explicit consent of the persons in order to realize the similar purposes as explained. In cases where there are exceptions listed in the Law, limited and measured personal data is kept in accordance with the said exceptions for the realization of these purposes. In cases where the person’s explicit consent is not available, personal data is processed within the framework of the exceptions specified in the Law. In case the exceptions in the Law do not allow the processing of personal data and the person does not have his explicit consent, personal data will not be processed.

    14. The personal information in question may also be used for the purposes of communicating with the “Data Owner” or making various statistical evaluations, creating a database and conducting market research without disclosing the identity of the “Data Owner”.

    15. The “Company” may process the personal data of its employees with whom it has established a service relationship, without seeking consent to the extent necessary for the performance of the established service contract, the fulfillment of mutual obligations and the performance of other legal obligations. The company ensures the confidentiality and protection of the data of its employees. In this context, apart from this “Policy”, “Tetramar Doğal Taş Mermer Sanayi Ve Ticaret Ltd. Şti. Policy Regarding the Processing of Personal Data of Employees” has been regulated.

    For applications and requests made by prospective employees, the company processes all personal data, including CVs submitted by the applicant, without seeking consent, until the application and request are finalized. After the application process is completed with a negative result, its processing depends on the consent of the person concerned. Personal data may be transferred to third parties if the person consents. Otherwise, the data is deleted, destroyed or anonymized after the request and application process is finalized in a negative way. In cases where the request or application is partially or completely positive, the storage and processing of personal data is done according to the conditions of the new legal relationship.

    16. The camera monitoring activity carried out by our company is carried out in accordance with the personal data processing conditions listed in the Law on Private Security Services and the Personal Data Protection Law.

    The personal “Data Owner” is informed by the “Company” in accordance with Article 10 of the Personal Data Protection Law. The “Company” notifies with multiple methods regarding the camera monitoring activity. For the camera monitoring activity by the company; A notification letter stating that monitoring will be done is posted at the entrances of the areas. Thus, it is aimed to prevent harming the fundamental rights and freedoms of the personal data owner, and to ensure transparency and enlightenment of the personal data owner.

    The “Company” processes personal data in a limited and measured manner in connection with the purpose for which they are processed, in accordance with Article 4 of the Personal Data Protection Law.

    The purpose of maintaining the video camera monitoring activity by the “Company” is limited to the purposes listed in this “Policy”. In this direction, the monitoring areas, the number of security cameras and when they will be monitored are sufficient to achieve the security purpose and are implemented in a limited manner for this purpose. The privacy of the person is not subject to monitoring in areas that may result in interference beyond security purposes.

    In accordance with Article 12 of the Personal Data Protection Law, the “Company” takes necessary technical and administrative measures to ensure the security of personal data obtained as a result of camera monitoring.

    Only a limited number of company employees have access to live camera footage and recordings recorded and preserved in digital media.

    By the company; Personal data processing is carried out for the purposes of ensuring security and following the entrances and exits of visiting guests for the purposes specified in this Policy. The name-surname information of the people who come to our company is only processed for the purpose of tracking their entries and exits, and the relevant personal data is recorded in the registration system in physical and electronic environment.

    In order to ensure the security of the places where it carries out its commercial activities, the company carries out personal data processing activities in its headquarters buildings and facilities for monitoring with security cameras, recording, access card reading and identity registration activities, as well as tracking guest entries and exits. Surveillance activities with security cameras and identity checks at the entrances, card reading and their recording are aimed at protecting the interests of the Company and other persons in ensuring their safety. Necessary technical and administrative measures are taken to ensure the security of data.

    17. The “Data Controller” is responsible for realizing the personal data and the new data obtained through the use of this personal data, for the purposes specified under the Privacy Policy and the Information and Consent on the Processing of Personal Data, to carry out the necessary studies to benefit the persons concerned from the services provided, to carry out the commercial activities and the related business processes. Outsourcing service providers, (hosting services), law firms, company officials, including those who send e-mail and SMS, in order to conduct business, ensure security, detect fraudulent or unauthorized use, investigate operational evaluation and fulfill any of these purposes. , business partners, legally authorized public institutions and organizations, and third parties such as private institutions.

    18. Personal data collected for the above-mentioned legal reasons can be processed and transferred for the purposes specified in the current legislation and this Privacy Policy. In line with the legitimate and lawful personal data processing purposes, the “Company” may transfer personal data to third parties based on and limited to one or more of the personal data processing conditions specified in Article 5 of the Personal Data Protection Law:

    • If the personal data owner has express consent,
    • If there is a clear regulation in the law regarding the transfer of personal data,
    • If it is necessary for the protection of the life or physical integrity of the personal data owner or someone else, and the personal data owner is unable to express his consent due to actual impossibility or if his consent is not legally valid;
    • If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
    • If personal data transfer is mandatory for the “Company” to fulfill its legal obligations,
    • If personal data has been made public by the personal data owner,
    • If personal data transfer is necessary for the establishment, exercise or protection of a right,
    • If personal data transfer is necessary for the “Company”‘s legitimate interests, provided that it does not harm the fundamental rights and freedoms of the personal data owner.

  • By showing the necessary care, taking the necessary security measures and taking the adequate measures prescribed by the KVK Board; In accordance with the legitimate and lawful personal data processing purposes, the personal data of the personal data owner may be transferred to third parties in the following cases:

    • If the personal data owner has express consent, or
    • If there is no explicit consent of the personal data owner; Special categories of personal data other than the health and sexual life of the personal data owner (race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or unions, criminal convictions and security measures) and biometric and genetic data), in cases stipulated by the laws, and special personal data related to the health and sexual life of the personal data owner, only for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, It can be transferred by persons or authorized institutions and organizations under the obligation to keep secrets.

  • 19. In line with the legitimate and lawful personal data processing purposes, if the personal data owner has the explicit consent or there is no explicit consent of the personal data owner, the company can transfer the personal data to Foreign Countries with Sufficient Protection or Where the Data Controller Undertakes Sufficient Protection Measures, in the presence of one of the following conditions:

    • If there is a clear regulation in the law regarding the transfer of personal data,
    • If it is necessary for the protection of the life or physical integrity of the personal data owner or someone else, and the personal data owner is unable to express his consent due to actual impossibility or if his consent is not legally valid;
    • If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
    • If personal data transfer is mandatory for the “Company” to fulfill its legal obligations,
    • If personal data has been made public by the personal data owner,
    • If personal data transfer is necessary for the establishment, exercise or protection of a right,
    • If personal data transfer is necessary for the legitimate interests of the “Company”, provided that it does not harm the fundamental rights and freedoms of the personal data owner.

  • 20. By showing due diligence, taking the necessary security measures and taking the adequate measures prescribed by the KVK Board; In line with the legitimate and lawful personal data processing purposes, it can transfer the sensitive data of the personal data owner to the Foreign Countries where the Data Controller has Sufficient Protection or Undertakes Sufficient Protection Measures in the following cases:

    • If the personal data owner has express consent, or
    • If there is no explicit consent of the personal data owner; Special categories of personal data other than the health and sexual life of the personal data owner (race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or unions, criminal convictions and security measures) and biometric and genetic data), in cases stipulated by the laws, and special personal data related to the health and sexual life of the personal data owner, only for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, It can be transferred by persons or authorized institutions and organizations under the obligation to keep secrets.

  • 21. Personal data collected for the above-mentioned legal reasons can be processed and transferred for the purposes specified in Articles 5 and 6 of the Law No. 6698 and this Privacy Policy.

    22. According to Article 11 of the Law, personal data owners have the right to:

    • To learn whether personal data about himself is processed,
    • If personal data about him/her has been processed, requesting information about it,
    • To learn the purpose of processing personal data and whether they are used in accordance with the purpose,
    • Knowing the third parties to whom personal data is transferred in the country or abroad,
    • Requesting correction of personal data in case of incomplete or incorrect processing,
    • Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, although it has been processed in accordance with the provisions of the law and other relevant laws,
    • Requesting notification of the transactions made as a result of the correction, deletion and destruction requests to the third parties to whom the personal data has been transferred,
    • Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
    • It has the right to demand the compensation of the damage in case of loss due to unlawful processing of personal data.

  • 23. Pursuant to paragraph 1 of Article 13 of the Personal Data Protection Law, you must submit your request to our Company to exercise your above-mentioned rights in writing or by other methods determined by the Personal Data Protection Board.

    In this context, in your applications to our Company within the scope of Article 11 of the Personal Data Protection Law, your request, together with the necessary information identifying your identity to exercise your above-mentioned rights and the right you want to use, by specifying which of your rights is related to the use of the Article 11 of the Personal Data Protection Law. You can send it by registered letter with return receipt requested to the following address:

      TETRAMAR DOĞAL TAŞ MERMER SANAYİ VE TİCARET LTD. ŞTİ.
      VİŞNEZADE MAH. SÜLEYMAN SEBA CAD. NO:48A/85 BEŞİKTAŞ/İSTANBUL – TURKEY

    It is not possible to make a request by third parties on behalf of personal data owners. In order for a person other than the personal data owner to make a request, there must be a special power of attorney issued by the personal data owner on behalf of the person to apply.

    24. In accordance with Article 13 of the Personal Data Protection Law, our Company concludes the application requests made by the personal data owner as soon as possible and within 30 (thirty) days at the latest, free of charge, depending on the nature of the request. However, if the transaction requires an additional cost, it is possible to collect the fee in the tariff determined by the KVK Board.

    Our company may accept the application request of the personal data owner, or reject it for the following reasons by explaining the reason, and notify the relevant person in writing or electronically:

    • Preventing other people’s rights and freedoms,
    • Requires disproportionate effort,
    • The information is publicly available information,
    • Endanger the privacy of others,

  • In the event that one of the situations outside the scope of the Personal Data Protection Law exists, the application of the personal data owner is rejected, the response is insufficient or the application is not answered in due time, making a complaint to the KVK Board within thirty days from the date of learning the answer of the data controller and in any case within 60 (sixty) days from the date of application. has the right.

    The “Company” takes the necessary technical and administrative measures to ensure that personal data is not processed unlawfully, that personal data is not illegally accessed, and that personal data is preserved, under the conditions specified in the relevant legislation or expressed in this Privacy Policy. The data controller also does not disclose the personal data obtained from the data owner to anyone else in violation of the provisions of this Privacy Policy and the Law on the Protection of Personal Data, and does not use them for purposes other than processing.

    25. This Privacy Policy may be updated from time to time in order to comply with changing conditions and legislation. Last Updated: January 20, 2022.

    26. Although no period has been determined for the storage of personal data within the scope of the “Law”, it is essential to keep personal data for as long as required by the relevant legislation or for the purpose for which they are processed, in accordance with general principles. The “Data Controller” makes an evaluation based on the legislation in force regarding each data processing process and the purpose of the process, in order to determine the retention periods in accordance with the said principle. In this respect, personal data is kept at least for the period required by its legal obligations and until the statute of limitations subject to the relevant Law expires.

    Personal data may be stored in case of any dispute that may arise between you and the “Data Controller”, in order to make the necessary defenses within the scope of the dispute. Personal data is anonymized, deleted or destroyed in accordance with the “Law”, with the disappearance of the purpose of processing the relevant personal data within the scope of any process, including the expiration of the aforementioned periods.

    27. The personal data we collect must be accurate and up-to-date when necessary. Therefore, in case of any change in your personal data, you can notify the relevant unit of our Company.

    28. Our company makes the necessary assignments within the “Company” in order to fulfill the obligations in the Personal Data Protection Law and to implement the issues specified in this Policy and establish the procedures accordingly.

    The “Policy”, which includes the items listed above, is is presented to the personal data owner together with other relevant information and consent texts under the title of “Information and Consent Text on the Protection, Processing and Privacy Policy of Personal Data of Tetramar Doğal Taş Mermer Sanayi Ve Ticaret Ltd. Şti.” In addition, upon the request of personal data owners, the “Policy” is presented to the relevant persons and access is provided.