Stoneline

Search

MENU

POLICY OF PROCESSING PERSONAL DATA

CONTENTS:

1. PURPOSE AND SCOPE OF THE POLICY

2. RESPONSIBLE PERSONS

3. DEFINITIONS OF THE CONCEPTS

4. RECORDING MEDIA OF PERSONAL DATA

5. EMPLOYEE AND GROUP OF EMPLOYEE CANDIDATES

5.1. Personal Data Collected Regarding the Group of  Employee Candidates

5.2. Purposes of Collecting and Processing Personal Data of Employee Candidates

5.3. Conducting a Reference Search for the Candidate,

5.4. The Personal Data That Shall Be Processed During Recruitment Among Those Collected During the Candidacy Process

5.5. Personal Data Collected Regarding the Employee Group

5.6. Purposes of Collecting and Processing Personal Data of Employees

5.7. Methods of Collecting and Processing Personal Data of Employees and Employee Candidates

6. GROUP OF CUSTOMERS AND POTENTIAL PURCHASERS OF PRODUCTS OR SERVICES

6.1. Collected Personal Data Regarding Customers

6.2. Purposes of Collecting and Processing Personal Data of Customers

6.3. Collected Personal Data Regarding Potential Product Service Purchaser

6.4. Purposes of Processing Data Regarding the Potential Product Service Purchaser

6.5. Methods of Collecting and Processing Personal Data of Customers and Potential Product Service Purchasers

7. GROUP OF AUTHORIZED PERSONS OF SUPLIERS

7.1. Collected Personal Data Regarding Suppliers

7.2.Purposes of Collecting and Processing Supplier Data

7.3. Methods of Collecting and Processing Personal Data of Suppliers

8. SHAREHOLDER GROUP

8.1. Collected Personal Data Regarding Shareholders

8.2. Purposes of Processing Shareholder Data

8.3.Collection and Processing Methods of Personal Data of the Shareholders

9.1. Collected Personal Data Regarding Visitors

9.2. Purposes of Processing Visitor Data

9.3.Collection and Processing Methods of Personal Data of the Visitors

9. PRINCIPLES ON THE PROCESSING OF PERSONAL DATA

10.1. Processing in Accordance with Law and Honesty

10.2. To Ensure that the Personal Data Accurate and Up to Date When Required

10.3. Processing for Specific, Clear and Legitimate Purposes

10.4. Being Related, Limited and Moderate with the Purpose of Processing

10.5. Storing for the period prescribed in the relevant legislation or the Time Required for the Purpose

10. CONDITIONS OF PROCESSING PERSONAL DATA OF GROUPS AND LEGAL REASONS

11.1. Clearly Stipulated in Laws

11.2. Failure to Obtain Express Consent of the Relevant Person Due to Actual Impossibility

11.3. Being Directly Related to the Establishment or Performance of the Contract

11.4. Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) Fulfillment of the Legal Obligation

11.5. Publicizing Personal Data of Group of People

11.6. When Data Processing is Mandatory for the Establishment or Protection of a Righ

11.7. Processing of Data Based on Legitimate Interest

11. CONDITIONS WHERE SENSITIVE PERSONAL DATA CAN BE PROCESSED

12.1. Processing of Sensitive Personal Data Based on Explicit Consent

12.2. Conditions Where Sensitive Personal Data Can Be Processed Without Explicit Consent

12. ENLIGHTENING AND INFORMING THE GROUP OF PEOPLE

13. CATEGORIZATION OF PERSONAL DAT

14. TRANSFER OF PERSONAL DATA TO DOMESTIC AND/ OR FOREIGN THIRD PARTIES

15.1. Transferring Personal Data

15.2. Transfer of Personal Data Abroad

15.3. Third Persons to whom Personal Data are Transferred and Transfer Purpose

15. SECURITY OF PERSONAL DATA

16. LEGAL RIGHTS OD GROUP OF PEOPLE AND THE METHODS OF USE

17.1. Rights Regarding Personal Data Under KVKK

17. PRINCIPLES ON THE EXERCISE OF RIGHTS RELATED TO PERSONAL DATA

18. ENFORCEMENT AND UPDATEABILITY

  1. PURPOSE AND SCOPE OF THE POLICY

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline)   Policy of Processing Personal Data (“Policy”),  Has been prepared in order to determine the procedures and principles  regarding the processing activities carried out by Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) (“Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) Stoneline and the work and transactions for the protection of the personal data being processed.   

The protection of personal data has been secured by the Constitution with the paragraph added to Article 20 of the Constitution as a result of the amendment made in 2010, and it has been stipulated that the procedures and principles regarding the protection of personal data shall be regulated by law.   In this context, the Law on the Protection of Personal Data No. 6698 entered into force on 07.04.2016. With respect to the protection of personal data, which is a constitutional right, Saka Yapı Ürünleri Dış Ve İç Tic. A.S. (Stoneline) makes this a company policy primarily by organizing the necessary endeavors to create awareness within the company and by aligning the internal operation with the legislation on protection of personal data.   by arranging the necessary endeavors to create awareness within the company and by aligning the internal operation with the legislation on protection of personal data.  

Personal Data Protection and Processing Policy includes the principles  applied in the collection, use, sharing, storage and disposal processes of personal data by Saka Yapı Ürünleri Dış Ve İç Tic. A.S. (Stoneline)   It includes and aims to inform the persons whose personal data are processed by the Company, especially the customers still in relationship with the company, employees of the company, visitors, employees of the institutions and organizations cooperated with, supplier officials, potential service and product purchasers, employee candidates and third parties.

This Policy is intended to guide Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline)  in terms of the implementation of the personal data protection law and the regulations laid down by the relevant legislation.

  1. RESPONSIBLE PERSONS

Saka Yapı Ürünleri Dış Ve İç Tic. all employees, external service providers in fulfilling the requirements for the destruction of data specified in the Law, Regulation and Policy, and otherwise, everyone who stores and processes personal data in the company is responsible for fulfilling these requirements.

Each business unit is responsible for storing and protecting the data produced within its own business process. In destructions that shall affect business processes and cause data integrity to deteriorate, data loss and results contrary to legal regulations; the relevant information systems department shall decide by considering the type of personal data, the systems in which it is included, and the business unit performing the data processing.

It is the responsibility of the contact person assigned by the data controller to receive or accept the notifications from or correspondences with Personal Data Protection Board on behalf of the data controller and to register the same.

  1. DEFINITIONS OF THE CONCEPTS
EXPLICIT CONSENT The consent on a specific subject, based on getting informed and expressed with free will.
ANONYMIZATIONProcess of rendering personal data impossible to link with an identified or identifiable natural person, even though matching them with other data.
PERSONAL DATA SUBJECTNatural person whose personal data are processed. For instance; Customers, employees.
PERSONAL DATAAny information on identified or identifiable natural persons.
SENSITIVE PERSONAL DATASpecific personal data refers to data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, appearance, membership of an association, foundation or union, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
PROTECTION OF PERSONAL DATAAll kinds of transactions performed on data such as obtaining, recording, storing, preserving, modifying, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the usage of personal data by fully or partially automated or non-automatic means provided that it is part of any data recording system,  
DATA PROCESSORIt is the real and legal person who processes personal data on behalf of the data controller based on the authority granted by him/ her.
DATA CONTROLLERIt is the real and legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
KVKK (the law on the protection of personal data)The Law on Protection of Personal Data No. 6698
  1. RECORDING MEDIA OF PERSONAL DATA

Saka Yapı Ürünleri Dış Ve İç Tic. Personal data are processed by Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş (Stoneline) through the following recording media.

  • Servers,
  • Database,
  • Removable Memories (USB, Memory Card etc.)
  • Information security devices (firewall, log file, antivirus, etc.)
  • Personal embezzled organization computers ,
  • Optical disks (CD, DVD, etc.)
  • Software (office software, government-owned software)
  • Non-electronic written, printed, visual media, paper outputs,
  • Archives 
  1. EMPLOYEE AND GROUP OF EMPLOYEE CANDIDATES

5.1. Personal Data Collected Regarding the Group of  Employee Candidates

Saka Yapı Ürünleri Dış Ve İç Tic. With regard to the candidate group who applied to the company for vacant position, Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş. (Stoneline) collects the following data;

  • Identification data (Name-surname, place and date of birth, nationality, gender), 
  • Contact data (address, home phone, mobile phone, e-mail address),
  • Driving Licence
  • Information about the military service and status, 
  • Educational status (schools graduated, certificates, courses attended, computer and foreign language knowledge/ level),
  • Professional status information (work experience, department desired to work) 
  • Reference information, phone and position, work place of the reference,
  • Net wage expectation, travel information, photo,
  • Personal data of camera recording images are collected.

5.2. Purposes of Collecting and Processing Personal Data of Employee Candidates

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş (Stoneline) processes the personal data of the employee candidates for the following purposes by considering the nature of the application: 

  • Assessing the candidate’s qualification, experience, interest and eligibility for the vacant position,
  • If necessary, checking the accuracy of the information submitted by the candidate or contacting third parties and conducting a reference search for the candidate,
  • To be able to carry out the application processes of Employee Candidates,
  • To contact the candidate about the application and recruitment process,
  • Camera records are obtained in order to carry out activities in accordance with the legislation and to ensure the safety of the venue.

5.3. Conducting a Reference Search for the Candidate,

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline), can conduct a reference search about the candidates through the information specified by the candidates by filling in the relevant fields in the job application form. 

The reference search to be conducted shall generally be aimed at confirming the accuracy of the information provided by the candidate. Obligation of clarification to the people to be contacted for the purpose of reference search  shall be performed by the authorized person of Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş. at the time of first communication. 

Necessary personal data such as identity information, occupational and educational experiences of candidates can be shared with third parties within the scope of the reference search to be conducted. Moreover, the personal data about candidates can be obtained from third parties.

The candidates can always contact Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) about the reference search to be conducted about them

5.4. The Personal Data That Shall Be Processed During Recruitment Among Those Collected During the Candidacy Process

Entire personal data collected and processed about the candidate during the recruitment process are transferred to the personal file if it is decided to employ the candidate in the relevant vacant position.

5.5. Personal Data Collected Regarding the Employee Group

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline), collects the following data in order to execute the employment relationship/ employment contract;

  • CV, photograph, work experience, education level, diploma, foreign language certificate and other certificates, OHS training exam scores, on-the-job training information,
  • Photocopy of identity card, driver’s license and passport information,
  • Telephone number, address, E-mail address, (contact information),
  • Identification information of employee relative , phone number, name, surname and AGI (minimum living allowance) and BES (individual pension system) Forms, 
  • SSI employment declaration information, 
  • Foreign personnel employment form and information,
  • Medical report, disability status, blood type, employment examination form, examination tests,
  • Vehicle License Plate and GPS tracking information, 
  • Telephone, e-mail and name information of the references, 
  • Workplace regulations, embezzlement, information of petition, minutes, request and complaint, 
  • Disability and conviction status,
  • CV information during recruitment, 
  • Military registration certificate, SSI service scheme, identity register copy, residence information, 
  • Financial data, salary data and execution payment information, seniority, notice and compensation information,
  • Contract information, legal documents, leave form and information, 
  • Facial recognition biometric data, entry exit information,
  • Visual data and videos,
  • Camera records and log IP recording process security information are obtained. 

5.6. Purposes of Collecting and Processing Personal Data of Employees

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline), processes personal data of the employee group for the following purposes:

  • To contact the persons submitted by the personnel on their own consent in case of emergencies, 
  • To execute the information security processes, 
  • To conduct ethical activities of auditing ,
  • To be able to carry out human resources processes,
  • To conduct contracting processes 
  • To conduct communication activities related to customers, suppliers and service providers,
  • To be able to satisfy the demands of the authorized public institutions or organizations in case of disputes that may arise or in a judicial case that may occur,
  • To ensure travel activities,
  • To conduct residence procedures for foreign personnel,  
  • To fulfill legal obligations regarding the employment of the employees,
  • To ensure the  annual leave procedures of the personnel,
  • To determine the wage policy and carry out the execution, deduction, finance and accounting transactions, 
  • To follow-up and execute legal, litigation and court proceedings,
  • To fulfill automatic private pension procedures,
  • To ensure the shuttle transportation services for employees,
  • To conduct processes for fringe benefits and interests for employees 
  • To monitor the health conditions necessary for the employees to fulfill their duties,
  • To conduct OHS Training activities and performing assessments, 
  • To be able to perform the activities that should be done within the framework of occupational health and safety,
  • To carry out training and certification activities, 
  • To ensure organization and activities processes,
  • To execute embezzlement transactions
  • To conduct disciplinary processes, 
  • To be able to carry out logistical activities and GPS tracking within the scope of legitimate interests with vehicle security, 
  • To be able to track requests/ complaints, 
  • To conduct power of attorney transactions and to grant authorization,
  • To conduct assignment processes 
  • To be able to conduct employee selection and placement processes,
  • To record camera images in order to ensure physical space security due to privacy and security practices in the workplace,
  • To ensure the determination of job entry and exit and its control,
  • To be able to execute the  management activities, 
  • To be able to carry out work accident processes, to prepare the necessary minutes and to report to the authorized expert,
  • To fulfill the requirements determined by laws and regulations (tax legislation, social security legislation, labor law, law of obligations, commercial law legislation, International Labor Law, occupational health and safety law, legislation on electronic communication, etc.)
  • processed by the Stoneline departments of the organization in order to fulfill the legal obligations specified in the KVKK.

5.7. Methods of Collecting and Processing Personal Data of Employees and Employee Candidates

During the recruitment process, the personal data of the candidates are collected together with other methods and means specified in this Policy or in addition to the following methods and means:

  • Information received through the written statements, application, 
  • The CVs sent by the candidates to Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline)  via e-mail, face-to-face and similar methods,
  • Camera recordings for visual photographs, video and physical space provision, 
  • In physical environments,in personal files  
  • Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) processes the collected personal data automatically or non-automatically through computer systems and corporate personnel.
  1. GROUP OF CUSTOMERS AND POTENTIAL PURCHASERS OF PRODUCTS OR SERVICES 

6.1. Collected Personal Data Regarding Customers

Saka Yapı Ürünleri Dış Ve İç Tic. Although it may vary depending on the service, product or commercial activity offered by Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline), are processed by Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline)   during your use of Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) products and services:  

  • Name surname, Identity information including Republic of Turkey identification number, signature, titles,
  • Telephone number, address, e-mail address, (contact information),
  • Invoice and bank account information, tax number information and financial information,
  • Customer order information forms, demands and requests,
  • Visual photos and videos,
  • Project information and photos they have done, 
  • Contract and legal document information,
  • Camera recording images are available for physical space security.

6.2. Purposes of Collecting and Processing Personal Data of Customers

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) processes the customer’s personal data for the following purposes, considering the business relationship between them and the service it provides to the customer:

  • To follow and carry out legal affairs and to ensure contractual processes,
  • To conduct communication activities
  • To execute and control business activities,
  • To carry out financial and accounting procedures and to report to the necessary authorities, 
  • To receive and evaluate suggestions for the improvement of business processes,
  • To evaluate the suggestion and request forms filled in by the customer upon request and to improve the work processes. 
  • To carry out after-sales support services for goods/ services,
  • To conduct activities for customer satisfaction
  • To conduct organization, event, fair activities, 
  • To conduct sale processes of goods/ services 
  • To carry out the production and operation processes of goods/ services, 
  • To carry out processes of customer relationship management
  • To carry out logistics activities and to provide the required service to the customer correctly, 
  • To carry out marketing processes of products/ services,
  • To provide information to authorized persons, institutions and organizations to the extent required by law within the scope of legal conditions,
  • To ensure physical space security within the organization, 
  • In order to fulfill the legal obligations specified in the KVKK, Saka Yapı Ürünleri Dış Ve İç Tic. A.S. (Stoneline)  is processed by corporate departments.  

6.3. Collected Personal Data Regarding Potential Product Service Purchaser

Saka Yapı Ürünleri Dış Ve İç Tic. The personal data obtained through verbal statement, e-mail, written or electronic media depending on the service, product or commercial activity offered by Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş (Stoneline)  to the potential product/ service purchasers, the following is processed by Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline):  

  • Name and surname, phone number, e-mail address (contact information),
  • Company information worked with and offers sent.
  • In order to fulfill the legal obligations specified in the KVKK, Saka Yapı Ürünleri Dış Ve İç Tic. A.S. (Stoneline)  is processed by corporate departments.  

6.4. Purposes of Processing Data Regarding the Potential Product Service Purchaser

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) processes the potential purchaser’s personal data for the following purposes, considering the business relationship between them and the service it provides to the customer:

  • To conduct product marketing and promotional activities,
  • To conduct customer relationship management processes,
  • It is processed for the purposes of conducting goods/ service sales processes. 

6.5. Methods of Collecting and Processing Personal Data of Customers and Potential Product Service Purchasers

During the interview and/ or evaluation process, the personal data of the customers can be collected together with other methods and means specified in this Policy or in addition to the following methods and means:

  • In verbal, written, electronic media; e-mail, website request and form suggestion page are processed with the programs and applications used in the organization. 
  1. GROUP OF AUTHORIZED PERSONS OF SUPLIERS 

7.1. Collected Personal Data Regarding Suppliers

Saka Yapı Ürünleri Dış Ve İç Tic. Although it may vary depending on the service, product or commercial activity purchased by Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline), are processed by Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline)   during your use of Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) products and services:  

  • Name Surname, signature, title, Republic of Turkey identification number information 
  • Phone number, e-mail address (contact information),
  • Camera recording information received within the scope of physical space security, 
  • Vehicle plate number, tax, waybill,  Republic of Turkey  number or tax number information with respect to the goods sent by the supplier 
  • Audit reports and information, 
  • Visual photo information, 
  • Training registration information and training participation forms,
  • Bank account information, contract content and legal information, contract price, incoming offers, invoice information (financial information) are received and processed. 

7.2.Purposes of Collecting and Processing Supplier Data

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) processes the personal data of the suppliers for the following purposes, considering the business relationship between them and the service it purchases from the supplier:

  • To be able to execute the contract processes and to ensure the follow-up of the legal processes, 
  • To perform the payment transactions and to ensure the continuity of business,
  • To conduct audit activities,
  • To execute the supplier chain management processes,
  • To carry out logistics activities and to provide correct good service to the customer,
  • To carry out the procurement processes of goods and services,
  • To execute the external service provider processes,
  • To execute the financial accounting, invoice and delivery note processes and compliance with legal regulations, 
  • To carry out activities in accordance with the legislation and to ensure physical space security,
  • To provide information to authorized persons, institutions and organizations,
  • To ensure business processes and maintaining business continuity,
  • To ensure Organization and Event Management and to perform the marketing of the supplier service provider, 
  • In order to fulfill the legal obligations specified in the KVKK, Saka Yapı Ürünleri Dış Ve İç Tic. A.S. (Stoneline)  is processed within the purposes determined by the organizational departments.

7.3. Methods of Collecting and Processing Personal Data of Suppliers

During the interview and/ or evaluation process, the personal data of the suppliers can be collected together with other methods and means specified in this Policy or in addition to the following methods and means:

  • In verbal, written or electronic media; e-mail, written statement, application, website and whatsapp 
  • Camera recordings for visual photographs, video and physical space provision, 
  • In physical environments, it is collected and processed over supplier files, contracts, request forms, invoices and delivery notes.
  1. SHAREHOLDER GROUP 

8.1. Collected Personal Data Regarding Shareholders

Saka Yapı Ürünleri Dış Ve İç Tic. The following personal data obtained by Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline) from the shareholders in physical or electronic environment,  are processed by Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline)   during the operation  legal processes and legitimate interest of the company.

  • Identity and passport information,
  • Share rate share information, bank account information, 
  • Information written in the trade registry gazette, 
  • Visual photo, video information, 
  • Information on power of attorney, signature circular, contracts and legal documents
  • Address, e-Mail, Telephone (Contact Information),
  • Audit reports information,
  • Camera records and IP Log record information are taken.

8.2. Purposes of Processing Shareholder Data

Saka Yapı Ürünleri Dış Ve İç Tic. A.S. (Stoneline) processes the personal data of shareholders for the following purpose:

  • To conduct the power of attorney transactions,
  • To execute legal transactions, 
  • To execute the information security processes,
  • To manage audit and inspection processes and carrying out risk activities, 
  • To conduct travel transactions and to ensure consular procedures,
  • To conduct management activities 
  • To ensure data controller activities, 
  • To meet the demands of authorized public institutions or organizations within the scope of legal obligation,
  • To execute the financial and accounting processes,
  • To conduct contracting processes
  • In order to carry out activities in accordance with the legislation and to ensure space security, camera records are stored and processed within the specified purposes.

8.3.Collection and Processing Methods of Personal Data of the Shareholders

The personal data of the shareholders are collected together with other methods and means specified in this Policy or in addition to the following methods and means:

  • Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) processes the collected personal data automatically or non-automatically through computer systems and corporate personnel.
  • By physical means, through archiving contracts, power of attorney, personal information  
  • In visual or electronic media; it is collected and processed with photographs and applications.
  • VISITORS GROUP

9.1. Collected Personal Data Regarding Visitors

Saka Yapı Ürünleri Dış Ve İç Tic. The following personal data obtained by Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline) from visitors in visual or electronic environment,  are processed by Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline)   during Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş’s  (Stoneline) legitimate interest:

  • Camera recording images for the security of the organization,
  • Within the scope of 5651 law activities, instant log record information is obtained.

9.2. Purposes of Processing Visitor Data

Saka Yapı Ürünleri Dış Ve İç Tic. A.S. (Stoneline) processes the personal data of visitors for the following purpose:

  • To carry out activities in accordance with the legislation,
  • To be able to satisfy the demands of the authorized public institutions or organizations in case of disputes that may arise or in a judicial case that may occur,
  • Are processed for the purpose of ensuring physical space security.

9.3.Collection and Processing Methods of Personal Data of the Visitors

The personal data of the visitors are collected together with other methods and means specified in this Policy or in addition to the following methods and means:

  • In visual or electronic media; it is collected and processed through camera applications. 
  1. PRINCIPLES ON THE PROCESSING OF PERSONAL DATA

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) as a company policy, displays a special sensitivity to the protection of personal data and acts in the light of the following basic principles.

10.1. Processing in Accordance with Law and Honesty

Complies with the general principles of trust and honesty as well as the principles laid down by legal regulations in the processing of personal data.

10.2. To Ensure that the Personal Data Accurate and Up to Date When Required

Periodic checks and updates are made to ensure that the processed personal data of the groups are accurate and up to date, and necessary measures are taken in this direction. In this context, systems for checking the accuracy of personal data and making the necessary corrections are established within  Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş. (Stoneline)  

10.3. Processing for Specific, Clear and Legitimate Purposes

Personal data are processed based on clear, specific and legitimate data processing purposes. The purpose for which the data will be processed is detailed below.

10.4. Being Related, Limited and Moderate with the Purpose of Processing

Personal data are processed in a moderate, relevant and limited manner in order to achieve the anticipated purpose/ objectives, and the processing of personal data that is not related to achieving the purpose or is not required is avoided.

10.5. Storing for the period prescribed in the relevant legislation or the Time Required for the Purpose

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) maintains personal data only for the time required for the purpose for which they are specified or processed in the applicable legislation. In this context,  primarily it is determined whether the relevant legislation stipulate a period for storing personal data, if a period is determined, it acts in accordance with this period, if no time has been set, it stores personal data for the time required for the purpose for which it was processed. In the event of the expiration of the time or in case the reasons requiring the processing of the data disappear, if there is no legal reason for the data to be processed for a longer period of time personal data are deleted, destroyed or anonymized in accordance with the Personal Data Storage and Destruction Policy of Saka Yapı Ürünleri Dış ve İç Tic. A.Ş (Stoneline).

  1. CONDITIONS OF PROCESSING PERSONAL DATA OF GROUPS AND LEGAL REASONS

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş (Stoneline) processes a significant portion of the personal data it processes by using the powers that are mandatory to use due to legal obligations and for the protection of public order. Pursuant to the 2nd paragraph of Article 5 of the Law, personal data; 

  • If expressly stipulated by the laws,
  • If it is essential for the protection of life or physical integrity of the person or of any other person who is incapable of giving his consent due to factual impossibility or whose consent is not deemed legally valid.
  • If it is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
  • If it is essential for the data controller to fulfil his legal obligation,
  • If publicized by the person concerned,
  • Due to the necessity of data processing for the establishment, use or protection of a right,
  • If data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.

In case of existence of one of the conditions, it is possible to process data without the explicit consent of the person concerned. For the situation that does not fall into the above majority, the Company only processes personal data by obtaining the explicit consent of the data subject.

If the processed personal data is sensitive personal data ; the conditions stated below under the title of “Conditions Where Sensitive Personal Data May Be Processed” apply. Groups are informed about the personal data processed with this Policy, the purposes for which their personal data are processed, from which sources their personal data are collected, with whom and how these personal data shall be shared.

Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline), legal reasons for personal data processing purposes within the scope of our obligations arising from the legislation that we are subject to; in particular, Labor Law No. 4857, Income Tax Law No. 193 (E-Waybill Application Guide), Tax Procedure Law No. 213, Turkish Commercial Code no. 6102, Individual Pension Savings and Investment System Law No. 4632, Law No. 5651 on the Regulation of Broadcasts Made on the Internet and Fight Against Crimes Committed Through These Publications, International Labor Law No. 6735, Personal Data Protection Law No. 6698, The Organization and Duties of the Public Oversight, Accounting and Auditing Standards Authority No.660, Independent Audit Regulation, Law No. 6331 on Occupational Health and Safety  to use them in all kinds of products and services; recording personal information necessary to identify the transaction owner; to arrange all records and documents that shall be the basis of the transaction; to comply with the obligation of information storage, reporting and information stipulated by the legislation, and official authorities; to be able to provide the requested products and services and to fulfill the requirements of the contract you have concluded.

11.1. Clearly Stipulated in Laws

In cases where processing of personal data is explicitly stipulated by laws Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) processes the personal data of the groups of people whose data shall be processed without their explicit consent. For instance, processing personal data in processes such as membership, commercial electronic permission, order, payment, delivery, cancellation or return of the product in accordance with the Law on the Regulation of Electronic Commerce.

11.2. Failure to Obtain Express Consent of the Relevant Person Due to Actual Impossibility

If it is necessary to process the personal data of the group of people who are unable to express their consent due to actual impossibility or whose consent cannot be validated, or to protect the life or body integrity of another person, the data may be processed without the explicit consent of the group of people.

11.3. Being Directly Related to the Establishment or Performance of the Contract

The data may be processed if it is necessary to process the personal data of the parties to the contract provided that it is directly related to the establishment or performance of a contract. 

11.4. Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) Fulfillment of the Legal Obligation 

If processing is mandatory to fulfill legal obligations as a data controller, the personal data of the group of people may be processed without express consent. 

11.5. Publicizing Personal Data of Group of People

If the personal data of the group of people is made public by the person concerned, the data can be processed without the need for explicit consent. For instance, personal data shared by the Member publicly on the internet, in the social media accounts, this sharing can be processed if it is in accordance with the will.

11.6. When Data Processing is Mandatory for the Establishment or Protection of a Right

If data processing is mandatory for the establishment, use or protection of a right, the data may be processed without the explicit consent of the group of people. For instance, putting the information of the Member in the complaint file based on a complaint made to the court.

11.7. Processing of Data Based on Legitimate Interest

Provided that the fundamental rights and freedoms of the group of people are not harmed,  personal data may be processed without the explicit consent of the group of people, if data processing is mandatory for the legitimate interests of Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline). For instance, in order to ensure customer satisfaction conducting satisfaction surveys by Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline).

  1. CONDITIONS WHERE SENSITIVE PERSONAL DATA CAN BE PROCESSED

Some of the personal data are organized separately as “sensitive personal data” and are subject to special protection.

12.1. Processing of Sensitive Personal Data Based on Explicit Consent

Sensitive personal data can be processed in accordance with the principles specified in this Policy and by taking the necessary administrative and technical measures, if the group of people has explicit consent.

12.2. Conditions Where Sensitive Personal Data Can Be Processed Without Explicit Consent

Sensitive personal data may be processed in the following cases where the group of people do not have express consent, provided that adequate measures are taken by the Personal Data Protection Board (“Board”):

  • In cases stipulated by the law, sensitive personal data may be processed excluding the health and sexual life of the group of people
  • Sensitive personal data related to the health and sexual life of the group of people can only be collected by persons or authorized institutions and transferred to the authorized public organizations under the obligation of secrecy for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing. 
  1. ENLIGHTENING AND INFORMING THE GROUP OF PEOPLE

Within the scope of the 10th article of the Law, data subjects should be informed before or at the latest during the acquisition of personal data. The information to be conveyed to data subjects within the framework of the mentioned disclosure obligation is as follows;

  • Identity of data controller and, its representative if any 
  • The purpose of processing personal data
  • To whom and for what purpose personal data can be transferred
  • Method and  legal reason of personal data collection
  • Other rights enumerated in Article 11 of the Law. 

You can submit your requests under Article 11 of the Personal Data Protection Law titled “Rights of the Related Person”  According to the “Communiqué on Application Procedures and Principles to Data Controller”  By filling the Application Form of Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) in written form to the address of Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş. (Stoneline)  Mimar Sinan Mahallesi Sarı Lale Sokak No: 4/ Eyüpsultan İstanbul, by signing with “secure electronic signature” to the address of sakayapi@hs01.kep.tr via Registered Electronic Mail (KEP) or to kvkk@stoneline.com.tr via e-mail.

  1. CATEGORIZATION OF PERSONAL DATA

Within the scope of this policy, the personal data of the groups of people  in the following categories are processed by Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline):

Data CategoryPersonal Data Class Description
Identity InformationInformation on documents such as driver’s license, identity card, residence, passport, lawyer ID, marriage certificate (identity no, passport number, identity card serial number, name-surname, photograph, place of birth, date of birth, age, place of registration certificate of identity card copy)
Contact InformationInformation used to communicate with the person (e.g. e-mail address, telephone number, mobile phone number, address)
Customer Transaction InformationInformation on any transaction performed by the customer using our services (e.g. requests and instructions, etc.)
Physical Space Safety InformationPersonal data (e.g. entry-exit logs, visit information, camera records, etc.) regarding the records and documents taken during the entry, within the physical space and during the stay in the physical space.
Transaction Security InformationPersonal data processed in order to ensure the technical, administrative, legal and commercial security of the company and related parties (e.g., information such as the website password and password showing that the person is authorized to match the transaction associated with the personal data subject and that person is authorized to perform that transaction)
Financial InformationPersonal data within the scope of information, documents and records indicating entire kinds of financial results created according to the type of legal relationship with the personal data subject (For instance: information showing the financial result of the transactions made by the data subject, tax liability amount, card information, tax payments, interest amount to be paid and rate, debt balance, credit balance, etc.)
Personal InformationPersonal data that constitute the basis for the formation of employee personal rights (all kinds of information and documents legally required to be entered in the personal file)
Legal Procedure and Compliance InformationPersonal data processed for determination and follow-up of legal receivables and rights and for the performance of debts and legal obligations (e.g. data included in documents such as court and administrative authority decisions)
Vehicle Information It contains vehicle entry-exit and plate information of persons, customers, visitors and staff.
Location Information Provides GPS tracking information about employees. 
Audit and Inspection Information Personal data processed within the scope of the organization’s legal obligations and compliance with company policies (e.g. audit and inspection reports, relevant interview records and similar records)
Criminal Convictions and Security MeasuresIncludes information on criminal conviction and on security measures.
Visual and Audio DataVisual and audio recordings associated with the personal data subject (e.g. photographs, camera recordings and sound recordings)
  1. TRANSFER OF PERSONAL DATA TO DOMESTIC AND/ OR FOREIGN THIRD PARTIES

Personal data belonging to the group of people can be transferred to third parties (third party companies, third real persons) by taking the necessary security measures in line with the processing purposes.

15.1. Transferring Personal Data

Personal data can be transferred to third parties in case the conditions stipulated in Article 8 and Article 9 of the KVKK are met.

15.2. Transfer of Personal Data Abroad 

  • To the relevant consulates for international journeys of the relevant personnel and residence procedures of foreign personnel,
  • Relevant photos and visual videos for fair events on social media, 
  • To carry out the sales of customer goods/ services and supplier goods, to carry out export and import activities, your personal data is transferred to the relevant supplier and customer abroad within the scope of legitimate interests and legal processes within the specified purposes.

15.3. Third Persons to whom Personal Data are Transferred and Transfer Purposes

Your personal data can be transferred to the groups of people listed below who are the subject of the data:

  • Business partners 
  • Public institutions necessary for legal legislations such as Finance, BTK (information and communication technologies authority), SSI (Social Security Institution), İŞKUR (Turkish Employment Agency), NOTARY, Revenue Administration, Ministry of Customs, Ministry of Family Labor and Social Services, 
  • To OHS Institutions
  • Travel Agencies,
  • The schools they are affiliated to for trainees 
  • Independent audit firms,
  • Certification Firms,
  • To hospitals to monitor health conditions, 
  • Insurance Institutions,
  • Customers, potential customers, service providers,  external service providers,
  • To bank institutions,
  • Legally authorized private legal persons (Company Lawyer/ Legal Counsel).

Your personal data are transferred for the following purposes:

  • Saka Yapı Ürünleri Dış Ve İç Tic. For the development and improvement of the employment contract principles applied by Saka Yapı Ürünleri Dış Ve İç Tic.A.Ş (Stoneline),
  • To private insurance companies in order to allocate fringe benefits to employees,
  • To occupational health and safety companies, physicians, hospitals and health institutions in order to fulfill emergency medical interventions and occupational health and safety obligations,
  • To suppliers and customers in order to ensure meeting the services of goods and services purchase, monitoring the related processes, to ensure contract activities,
  • To outsourcing companies in order to carry out software and application processes,
  • To carry out import and export transactions, to provide information to relevant public institutions, logistics companies and customers to ensure business continuity,
  • To independent audit companies, public institutions and business partners in order to sustain and perform audit activities,  
  • To lawyers, educational institutions and business partners in order to carry out training activities related to ensuring business continuity, to follow up and carry out legal processes,
  • To suppliers and business partners for the purpose of assessing the demands and complaints received through the promotion, advertisement, website, 
  • To business partners in order to carry out customer processes, 
  • To the contracted travel agency for the employees to carry out travel activities,
  • To the relevant supplier in order to make scoring calculations, to monitor input and output,
  • To be able to satisfy the demands of the authorized public institutions or organizations in case of disputes that may arise or in a judicial case that may occur,
  • To bank institutions in order to carry out wage policies, payment of salaries and financial processes, 
  • Are transferred within the specified purposes in order to inform the relevant public institutions within the framework of legal obligations.  
  1. SECURITY OF PERSONAL DATA

In order to ensure the security of personal data, reasonable measures are taken to prevent unauthorized access risks, accidental data loss, deletion of data or damage to data.

All necessary technical and physical measures are taken to prevent access to personal data by anyone other than those authorized to access it. Therefore, the authorization system is designed in such a manner that no one is able to access the personal data more than required within this context, Strict measures are taken while ensuring the security of sensitive personal data such as health data compared to others

The authorized persons are passed through the necessary security checks. Moreover, these people are trained about their duties and responsibilities.

Access records to personal data are kept to the extent technical facilities allow, and these records are reviewed regularly. In case of unauthorized access, an investigation is initiated immediately.

Saka Yapı Ürünleri Dış Ve İç Tic. A.S. (Stoneline) complies with the following obligations in order to ensure the security of the processed data:

  • To act in accordance with the law and in an honest manner in matters regarding the protection of personal data,
  • To process personal data accurately, in full and completely,
  • To carry out the necessary efforts to update personal data that is out of date,
  • To inform the relevant manager whenever any illegal situation is noticed in the processing of personal data,
  • To perform the necessary guidance to use the legal rights regarding personal data.
  1. LEGAL RIGHTS OD GROUP OF PEOPLE AND THE METHODS OF USE 

17.1. Rights Regarding Personal Data Under KVKK

The rights that can be exercised by group of people regarding personal data are included in Article 11 of the KVKK and are as follows:

  • To learn whether or not their personal data have been processed,
  • To request information on the processed data, if their personal data have been processed,
  • To know the purpose of processing their personal data and whether or not their personal data have been used in accordance with the stated purpose,
  • To know about the third parties at home and abroad, to which their personal data has been transferred,
  • To request for the correction of their personal data, if such data were processed incompletely or incorrectly,
  • To request the deletion or destruction of the personal data in accordance with the provisions of the relevant regulation
  • To request notification, to the third parties to whom your personal data are transferred, of the operations, if any, of rectification, erasure or destruction of your personal data,
  • To object to any consequence that may arise against himself/herself through the analysis of the processed data exclusively by means of automated systems,
  • To request for compensation of any damages incurred by himself/herself due to unlawful processing of personal data,
  1. PRINCIPLES ON THE EXERCISE OF RIGHTS RELATED TO PERSONAL DATA

In order to exercise the rights regarding personal data, individuals shall be able to apply by sending an e mail through the use of kvkk@stoneline.com.tr, sakayapi@hs01.kep.tr registered electronic mail (KEP) address, secure electronic signature, mobile signature or the registered e mail address registered in Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş (Stoneline) systems or using the Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) KVK Application Form available at www.stoneline.com.tr page   secure electronic signature, mobile signature or the registered e mail address registered in Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş (Stoneline) systems or using the Saka Yapı Ürünleri Dış Ve İç Tic. A.Ş. (Stoneline) KVK Application Form available at www.stoneline.com.tr  page. The applications made in this manner shall be responded within 30 days at the latest.

Our company finalizes the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. Relevant persons shall be responded in writing or electronically within the legal periods. However, if the transaction in question requires additional cost, the fee in the tariff determined by the Personal Data Protection Board may be charged.

  1. ENFORCEMENT AND UPDATEABILITY

This Policy has entered into force on the date of publication. The policy may be updated in order to adapt to changing conditions and legislation. Information about the relevant update will be provided via www.stoneline.com.tr.

Join

JOIN OUR NEWSLETTER