{"id":16674,"date":"2023-08-30T12:27:45","date_gmt":"2023-08-30T09:27:45","guid":{"rendered":"https:\/\/demo.responsive.com.tr\/?page_id=16674"},"modified":"2025-12-01T16:04:22","modified_gmt":"2025-12-01T13:04:22","slug":"personal-data-protection-and-processing-policy-4","status":"publish","type":"page","link":"https:\/\/www.golfdondurma.com.tr\/en\/personal-data-protection-and-processing-policy-4\/","title":{"rendered":"Personal Data Protection and Processing Policy"},"content":{"rendered":"<div data-elementor-type=\"wp-page\" data-elementor-id=\"16674\" class=\"elementor elementor-16674\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2185ff3d elementor-section-full_width wd-section-stretch elementor-section-height-default elementor-section-height-default\" data-id=\"2185ff3d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-65694831 wd-elementor-sticky-column wd_sticky_offset_100\" data-id=\"65694831\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3c288020 elementor-widget elementor-widget-wd_mega_menu\" data-id=\"3c288020\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"wd_mega_menu.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"wd-menu widget_nav_mega_menu wd-nav-wrapper\">\n\t\t\t\t\t\t\t<h5 class=\"widget-title color-scheme-\">\n\t\t\t\t\tINSTITUTIONAL\t\t\t\t<\/h5>\n\t\t\t\t\t\t<ul id=\"menu-kurumsal\" class=\"menu wd-nav wd-nav-vertical wd-design-default\"><li id=\"menu-item-16659\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-16659 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/about-us\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">About Us<\/span><\/a><\/li>\n<li id=\"menu-item-16658\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-16658 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/cookie-policy-3\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">Cookie Policy<\/span><\/a><\/li>\n<li id=\"menu-item-16673\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-privacy-policy menu-item-16673 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/kvkk-personal-data-protection-law-information-text\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">Personal Data Protection Law (KVKK) Information Text<\/span><\/a><\/li>\n<li id=\"menu-item-16680\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-16680 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/personal-data-protection-and-processing-policy-4\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">Personal Data Protection and Processing Policy<\/span><\/a><\/li>\n<li id=\"menu-item-19621\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-19621 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/information-society-services\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">Information Society Services<\/span><\/a><\/li>\n<li id=\"menu-item-17943\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-17943 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/fsek\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">FSEK<\/span><\/a><\/li>\n<li id=\"menu-item-16660\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-16660 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/contact-us\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">Contact Us<\/span><\/a><\/li>\n<\/ul>\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-38da8f3b\" data-id=\"38da8f3b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-76f2f308 color-scheme-inherit text-left elementor-widget elementor-widget-text-editor\" data-id=\"76f2f308\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>CHAPTER 1 \u2013 INTRODUCTION<br \/>1.1. INTRODUCTION<br \/>1.2. PURPOSE AND SCOPE OF THE POLICY<br \/>1.3. IMPLEMENTATION OF LEGISLATION<br \/>SECTION 2 \u2013 PROCESSING OF PERSONAL DATA<br \/>2.1. GENERAL PRINCIPLES FOR PROCESSING PERSONAL DATA<br \/>2.2. CONDITIONS FOR PROCESSING PERSONAL DATA<br \/>2.2.1. Processing of General Personal Data<br \/>2.2.2. Processing of Special Categories of Personal Data<br \/>CHAPTER 3 \u2013 PROTECTION OF PERSONAL DATA<br \/>3.1. SECURITY OF PERSONAL DATA<br \/>3.1.1. Lawful Processing of Data<br \/>3.1.2. Blocking Unlawful Access<br \/>3.1.3. Storing Personal Data in a Secure Environment<br \/>3.2. AUDIT REGARDING THE IMPLEMENTATION OF LEGAL PROVISIONS<br \/>3.3. UNAUTHORIZED DISCLOSURE OF PERSONAL DATA<br \/>CHAPTER 4 \u2013 MEASURES FOR THE PROTECTION OF PERSONAL DATA<br \/>CHAPTER 5 \u2013 TRANSFER OF PERSONAL DATA TO THIRD PARTIES<br \/>CHAPTER 6 \u2013 STORAGE OF PERSONAL DATA<br \/>6.1. LEGAL OBLIGATIONS OF THE COMPANY<br \/>6.2. DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA<br \/>6.2.1. Deletion of Personal Data<br \/>6.2.2. Destruction of Personal Data<br \/>6.2.3. Anonymization of Personal Data<br \/>6.3. PERSONAL DATA RETENTION PERIODS<br \/>6.4. PERSONAL DATA INVENTORY<br \/>CHAPTER 7 \u2013 RIGHTS OF THE DATA SUBJECT<br \/>7.1. RIGHTS OF THE DATA SUBJECT AND CONDITIONS FOR EXERCISING THESE RIGHTS<br \/>7.2. PROTECTION OF THE RIGHTS OF THE DATA SUBJECT<br \/>7.3. CASES WHERE THE DATA SUBJECT CANNOT ASSUME ANY RIGHTS<br \/>CHAPTER 8 \u2013 PROCESSING PERSONAL DATA OF JOB APPLICANTS<br \/>CHAPTER 9 \u2013 OPERATIONS CONDUCTED WITHIN THE COMPANY FACILITIES AND THROUGH ITS WEBSITE<br \/>PERSONAL DATA PROCESSING ACTIVITIES<br \/>9.1. CAMERA SURVEILLANCE CONDUCTED AT THE ENTRANCES AND INSIDE THE COMPANY&#039;S BUILDINGS AND FACILITIES.<br \/>ACTIVITY<br \/>9.2. MONITORING GUEST ENTRANCES AND EXITS AT THE COMPANY&#039;S BUILDING AND FACILITY ENTRANCES<br \/>9.3. RECORDS REGARDING INTERNET ACCESS PROVIDED TO THE COMPANY&#039;S GUESTS<br \/>STORAGE AND WEBSITE VISITORS<br \/>CHAPTER 10 \u2013 EFFECTIVE DATE AND UPDABILITY<br \/>Appendix 1: DEFINITIONS<br \/>APPENDIX 2: ABBREVIATIONS<\/p>\n<h3>CHAPTER 1 \u2013 INTRODUCTION<\/h3>\n<h4>1.1. INTRODUCTION<\/h4>\n<p>The Law No. 6698 on the Protection of Personal Data (\u201cKVKK\u201d) introduces important regulations regarding the protection and lawful processing of personal data. The protection of personal data is among the top priorities of Natura G\u0131da Sanayi ve Ticaret A.\u015e. (\u2019the Company\u201c).<\/p>\n<p>Our company data policy is based on exercising utmost care, particularly regarding access to individuals&#039; private lives and information, taking effective and deterrent measures in this regard; and being transparent with our customers, potential customers, visitors, company officials, all parties and institutions we cooperate with, in short, every person directly or indirectly connected to our company and whose data we process.<\/p>\n<p>With this Policy, our company defines and implements our rules regarding the processing of personal data within the framework of the principles of transparency and openness.<\/p>\n<h2>1.2. PURPOSE AND SCOPE OF THE POLICY<\/h2>\n<p>The primary purpose of this policy is to protect the fundamental rights and freedoms of individuals whose personal data is processed, particularly the right to privacy, and to ensure that all activities of our Company are carried out in accordance with the rules stated herein. The scope of the provisions of this policy includes the personal data of individuals whose data we process directly or indirectly.<\/p>\n<h4>1.3. IMPLEMENTATION OF LEGISLATION<\/h4>\n<p>In case of any inconsistency between the current legislation and our policy, the law shall apply.<br \/>The existing legislation will be applied first, and there will be no more specific objectives outside of this basic policy.<br \/>If there are other policies or regulations created on the same subject, priority will be given to private policies.<br \/>The provisions containing these regulations apply. Other policies and documents are not related to this policy and its provisions.<br \/>Provisions that conflict with the legislation shall not be applied.<\/p>\n<h3>SECTION 2 \u2013 PROCESSING OF PERSONAL DATA<\/h3>\n<h4>2.1. GENERAL PRINCIPLES FOR PROCESSING PERSONAL DATA<\/h4>\n<p>When processing personal data, the data must be obtained and processed in accordance with the law and principles of fairness. Our company processes data with the utmost care and control, in accordance with the law and principles of fairness.<\/p>\n<p>The data being processed must be accurate and up-to-date. Our company verifies the accuracy of the data at every processing level and makes the necessary preparations to ensure it is up-to-date when required.<\/p>\n<p>When processing data, it is essential to clearly specify which data is being processed, how much of it is being processed, the purpose of the processing, and whether it is lawful or legitimate. Our company processes data only for legitimate purposes and takes care to ensure that the data obtained during this processing is clearly defined. To prevent the misuse of the obtained information and to avoid misunderstandings, our company processes data in a clear and transparent manner.<\/p>\n<p>Data must be processed in a controlled manner that is consistent with, relevant to, limited to, and proportionate to the purpose for which it is processed. Our company processes data subjects&#039; data only in a proportionate manner, limited to and relevant to the purpose for which it is processed.<br \/><br \/>Personal data must be stored in accordance with the retention period stipulated in the relevant legislation or the period specified for the purpose for which it was processed. In this context, our company primarily retains personal data for the periods specified in the relevant legislation, if such a retention period is stipulated. If no retention period is specified in the legislation, or if there is no legal reason requiring longer retention, our company retains personal data for as long as necessary for the purpose for which it was processed. In this way, the security of data subjects is maximized.<br \/>This is ensured. (See Section 6.4 for details). In accordance with this policy and all relevant legislation, our employees acting as data processors are subject to an unlimited confidentiality obligation regarding personal data.<\/p>\n<h3>2.2. CONDITIONS FOR PROCESSING PERSONAL DATA<\/h3>\n<h4>2.2.1. Processing of General Personal Data<\/h4>\n<p>All personal data processed by our company that does not fall into the category of special categories of personal data is categorized as general categories of personal data.<\/p>\n<p>Personal data cannot be processed without the explicit consent of the data subject. However, processing of personal data without the explicit consent of the data subject is possible if any of the following conditions exist:<\/p>\n<p>a) Explicitly provided for in the laws<br \/>b) If the person is unable to express their consent due to factual impossibility or if their consent is not legally valid, and it is necessary for the protection of their own life or the life or physical integrity of another person.<br \/>c) The processing of personal data of the parties to a contract is necessary provided that it is directly related to the establishment or performance of the contract.<br \/>d) It is necessary for the data controller to fulfill its legal obligations.<br \/>e) It must have been made public by the person concerned themselves.<br \/>f) Data processing is necessary for the establishment, exercise or protection of a right.<br \/>g) The processing of data is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.<\/p>\n<h4>2.2.2. Processing of Special Categories of Personal Data<\/h4>\n<p>Data relating to a person&#039;s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data, are considered special categories of personal data.<\/p>\n<p>Processing sensitive personal data without the explicit consent of the data subject is prohibited.<br \/>Personal data other than those related to health and sexual life, as listed in the first paragraph, may be processed without the explicit consent of the data subject in cases stipulated by law.<\/p>\n<p>Our company obtains the explicit consent of data subjects when processing and storing sensitive personal data, including records of private health problems.<\/p>\n<p>Personal data relating to health and sexual life may only be processed by persons or authorized institutions and organizations bound by an obligation of confidentiality, without seeking the explicit consent of the data subject, for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and the planning and management of health services and their financing.<\/p>\n<p>When processing special categories of personal data, it is also mandatory to take adequate measures as determined by the Personal Data Protection Board.<\/p>\n<h3>CHAPTER 3 \u2013 PROTECTION OF PERSONAL DATA<\/h3>\n<h4>3.1. SECURITY OF PERSONAL DATA<\/h4>\n<p>Our company, in accordance with Article 12 of the Law on the Protection of Personal Data, acts as the Data Controller;<\/p>\n<ul>\n<li>To prevent the unlawful processing of personal data.,<\/li>\n<li>To prevent unlawful access to personal data,<\/li>\n<li>To ensure the protection of personal data, companies must take all necessary technical and administrative measures to provide an appropriate level of security.<\/li>\n<\/ul>\n<p>Our company takes all necessary technical and administrative measures, considering technological capabilities and implementation costs, to ensure the lawful processing of personal data. Personal data learned by data controllers and data processors cannot be disclosed to others or used for purposes other than the processing purpose, in violation of the provisions of this law.<\/p>\n<p>Company personnel have received the necessary training on technical matters; awareness is raised among employees in this area, and audits are conducted. This ensures the employment of knowledgeable personnel within the company. Our company&#039;s relevant department and our contracted legal consultancy firm work in coordination on this matter.<\/p>\n<h4>3.1.1. Lawful Processing of Data<\/h4>\n<p>The main technical measures taken by our company to ensure the lawful processing of personal data are as follows:<br \/>The administrative measures are as follows:<br \/>\u2022 Personal data processing activities carried out within our company are performed using technical systems.<br \/>It is being monitored and reported to the relevant parties.<br \/>\u2022 Personal data processing activities carried out by our company&#039;s business units and this<br \/>compliance of the activities with the personal data processing conditions required by Law No. 6698<br \/>The requirements to be fulfilled for this purpose belong to each department and relevant unit.<br \/>It is determined based on the specific activity it carries out.<br \/>\u2022 Ensuring legal compliance and the procedure prepared for the relevant departments.<br \/>compliance, continuity and monitoring; administrative measures, internal company policies and training<br \/>It is implemented through this method.<br \/>3.1.2. Blocking Unlawful Access<br \/>Our company does not condone the careless or unauthorized disclosure or access of personal data.,<br \/>data to be protected to prevent its transfer or any other unlawful access<br \/>It takes technical and administrative measures according to its nature.<br \/>The main technical and administrative measures taken by our company to prevent unlawful access to personal data are:<br \/>The measures are as follows:<br \/>\u2022 Access and authorization technical solutions and technical measures taken periodically<br \/>The issues that pose risks are being reported, reassessed, and the necessary technological measures are being implemented.<br \/>Solutions are being developed. These include logging, antivirus systems, and firewalls.<br \/>Software and hardware are being installed.<br \/>\u2022 We employ staff who are knowledgeable in technical matters.<br \/>\u2022 Personal data within the company in accordance with legal compliance requirements based on business unit.<br \/>Access and authorization processes are being designed and implemented.<br \/>\u2022 Employees shall process the personal data they learn in accordance with the provisions of the Personal Data Protection Law and<br \/>not to disclose to others and the purpose of processing contrary to all other relevant legislation<br \/>they cannot use it outside of this scope and this obligation continues even after they leave their positions.<br \/>6<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>They are being informed that this will continue and are being asked to provide the necessary information accordingly.<br \/>Commitments are being obtained.<br \/>\u2022 To whom personal data has been lawfully transferred by our company<br \/>contracts concluded; persons to whom personal data is transferred, protection of personal data<br \/>provisions are added regarding taking the necessary security measures for this purpose and\/or<br \/>Mutual agreements are being signed.<br \/>3.1.3. Storing Personal Data in a Secure Environment<br \/>Our company ensures that personal data is stored in secure environments and not destroyed for unlawful purposes.<br \/>necessary technical and administrative measures to prevent its destruction, loss or alteration<br \/>The main measures taken by our company to store personal data in secure environments are as follows:<br \/>The technical and administrative measures are as follows:<br \/>\u2022 In line with technological advancements, personal data is stored in secure environments.<br \/>systems are used.<br \/>\u2022 We employ staff who are experts in technical matters.<br \/>\u2022 Technical security systems are being installed for the storage areas, and the technical information received...<br \/>The measures are reported to the relevant parties, and issues posing a risk are re-evaluated.<br \/>The necessary technological solution is being developed.<br \/>\u2022 To ensure the secure storage of personal data in accordance with the law<br \/>Backup programs are used in this manner.<br \/>\u2022 Non-digital data is kept in locked cabinets and accessed only by authorized personnel.<br \/>will be accessible by individuals.<br \/>3.2. AUDIT REGARDING THE IMPLEMENTATION OF LEGAL PROVISIONS<br \/>In accordance with Article 12, paragraph 3 of the Law on the Protection of Personal Data, the Data Controller shall...<br \/>in its institution or organization, necessary to ensure the implementation of the provisions of this law.<br \/>They are obliged to conduct or have conducted the inspections.<br \/>Our company and our contracted legal consultancy firm are responsible for establishing the data security described above.<br \/>and conducts the necessary inspections to ensure the regularity and continuity of the measures taken.<br \/>and\/or commissions. These audit results are relevant to the subject within the scope of our company&#039;s internal operations.<br \/>It is reported to the department or management, and necessary measures are taken to improve the situation.<br \/>Our activities comply with the Personal Data Protection Law and other relevant legislation, as well as this company policy.<br \/>It is carried out in this way.<br \/>Our company prohibits the unlawful processing of personal data, and the unlawful use of data.<br \/>to raise awareness about preventing unauthorized access and ensuring data protection<br \/>organizing necessary training for business units; conducting trainings, seminars and sessions.<br \/>Our company provides this through [the relevant channels]. Our company adapts to the updating of the relevant legislation.<br \/>They are updating and renewing their training. Regarding the protection of personal data...<br \/>Systems necessary for raising awareness are being established, and our company is conducting audits related to this issue.<br \/>This is handled by the relevant department and our contracted legal consultancy firm.<br \/>The project aims to raise awareness regarding the protection and processing of personal data.<br \/>Training results are reported to our company, and our company participates in these trainings.<br \/>It is mandated and controlled by [the relevant authorities].<br \/>7<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>3.3. UNAUTHORIZED DISCLOSURE OF PERSONAL DATA<br \/>Regarding crimes related to the unauthorized disclosure of personal data, Article 135 of the Turkish Penal Code No. 5237 applies.<br \/>The provisions of Article 140 and all relevant legislation shall apply. The provisions of all relevant legislation shall apply.<br \/>This information is provided to employees and relevant individuals by our company. Those who record personal data unlawfully,<br \/>Anyone who unlawfully gives, disseminates, or obtains personal data belonging to another person, violates the law.<br \/>Even though the specified periods have passed, they have not deleted the data from the system and have not retained Personal Data.<br \/>In violation of Article 7, Section 3 of the Protection Law; the storage of personal data or<br \/>Companies that do not delete personal data even though the reasons justifying its processing have ceased to exist, or<br \/>Individuals who fail to remain anonymous are subject to imprisonment under Article 138 of the Turkish Penal Code.<br \/>will be punished with a penalty. Deletion, destruction or anonymization of personal data<br \/>The procedures and principles regarding its introduction are regulated by regulation.<br \/>According to the amendments made to the Turkish Penal Code, personal data is used unlawfully.<br \/>Anyone who gives this data to another person, unlawfully disseminates or obtains this data shall be sentenced to two to four years in prison.<br \/>punishable by imprisonment, but also benefiting from the advantages provided by a particular profession or art.<br \/>A person who commits this crime by exploiting personal data shall be punished under the aggravated form of the crime.<br \/>companies that commit the crime of viewing, obtaining or hacking data without authorization to process it<br \/>The employee will be reported to the data subject, the public prosecutor&#039;s office and relevant authorities without delay, and action will be taken against him\/her.<br \/>The necessary procedures will be carried out and the perpetrator will be punished for the aggravated form of the crime.<br \/>According to the provision regulated under the heading of Offenses in the Law on the Protection of Personal Data<br \/>Those who fail to fulfill their obligation to inform or their obligations regarding data security,<br \/>Those who fail to comply with the decisions made by the Board or who are not registered in the Data Controllers Registry<br \/>Those who fail to comply with the notification obligation will also be subject to administrative fines.<br \/>CHAPTER 4 \u2013 MEASURES FOR THE PROTECTION OF PERSONAL DATA<br \/>To ensure the implementation of our Company&#039;s Personal Data Protection and Processing Policy,<br \/>It creates a management structure.<br \/>To manage this Policy and other policies related to and connected with this Policy within the company.<br \/>A committee is being established. The committee&#039;s duties are listed below:<br \/>\u2022 Basic policies regarding the protection and processing of personal data, and where necessary.<br \/>to prepare changes to these policies<br \/>\u2022 Implementation and application of policies regarding the protection and processing of personal data.<br \/>to decide how the follow-up will be carried out<br \/>\u2022 To assign and coordinate internal company tasks.<br \/>\u2022 Measures to be taken to ensure compliance with the Personal Data Protection Law and related legislation.<br \/>to identify the necessary issues and ensure their implementation<br \/>\u2022 Protection and processing of Personal Data within the Company and in cooperation with the Company<br \/>to raise awareness among the institutions it works with and to organize trainings in this context.<br \/>\u2022 Identifying and taking necessary measures against potential risks in the company&#039;s personal data processing activities.<br \/>to ensure that measures are taken<br \/>\u2022 To resolve data subject applications at the highest level.<br \/>\u2022 To monitor developments and regulations regarding the protection of personal data and<br \/>taking the necessary actions<br \/>In addition to these tasks, the committee also performs other duties assigned by senior management.<br \/>All its activities are carried out with the approval of senior management.<br \/>8<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>Our company, together with its contracted legal consultancy firm and the Personal Data Protection Board...<br \/>designating a contact person for communication and notifying them during registration.<br \/>is responsible. The contact person(s) are assigned to perform this task within our company.<br \/>is a natural person who is a member of the department(s).<br \/>Our company defines the function of the contact person as communication in accordance with the Data Controllers Registry Regulation.<br \/>As a key point, requests that data subjects will direct to the data controller should be processed quickly and effectively.<br \/>It has limited the processing of personal data to ensuring that it is answered.<br \/>Providing the quickest and most clear answers to owners&#039; problems or questions.<br \/>This is intended, but the contact person is not legally authorized to represent the data controller. This<br \/>For reasons other than providing information, the company contacts the data owner or contact person.<br \/>to answer the relevant party&#039;s questions in a legally compliant manner and to represent our company in this matter.<br \/>Our company contact person has no duties or authority other than providing information.<br \/>as soon as it is informed by, the authorized department appointed by our company<br \/>or the institution will take action regarding the issue as soon as possible and the necessary procedures will be followed.<br \/>will be carried out. During these processes, the personal data owner or the relevant person will be aware of all these processes and<br \/>They will be informed about the procedures and, if necessary, our company&#039;s authorized department or institution will be contacted.<br \/>Interviews will be conducted with the data owner or relevant individuals by [the relevant party].<br \/>CHAPTER 5 \u2013 TRANSFER OF PERSONAL DATA TO THIRD PARTIES<br \/>Our company, in accordance with Article 10 of the Personal Data Protection Law, lists the groups of individuals to whom personal data is transferred.<br \/>It informs the personal data owner.<br \/>Our company manages data in accordance with a policy compliant with Articles 8 and 9 of the Personal Data Protection Law (KVKK).<br \/>Personal data of the owners may be transferred to the following categories of individuals: The company&#039;s;<br \/>\u2022 To business partners<br \/>\u2022 To their suppliers<br \/>\u2022 To community companies<br \/>\u2022 To its shareholders<br \/>\u2022 To the authorities<br \/>\u2022 Legally authorized public institutions and organizations<br \/>\u2022 The aforementioned individuals to whom the transfer is made are legally authorized private legal entities.<br \/>The scope and purposes of data transfer are stated below:<br \/>Category Definition Data Transfer Purpose<br \/>Community<br \/>Companies<br \/>Jobs related to our company<br \/>It defines their partnerships. Business<br \/>Our partners are listed in the appendix.<br \/>It has been explained.<br \/>All types of commercial activities requiring company participation<br \/>to ensure the implementation of organizational measures<br \/>Shareholders are the individuals who own shares in the Company.<br \/>people<br \/>According to the relevant legal provisions, law, activity<br \/>within the scope of management and corporate communication processes<br \/>for the purpose of carrying out activities and with these activities<br \/>limited<br \/>Company Officials Company Board Members<br \/>and other authorized natural persons<br \/>According to the relevant legislation, the company&#039;s commercial<br \/>designing strategies related to activities, top<br \/>ensuring management and control at the level<br \/>limited to their purposes<br \/>Legally Authorized<br \/>Public Institutions<br \/>and Organizations<br \/>To the relevant legal provisions<br \/>information and documents from the company<br \/>public institutions authorized to receive<br \/>and organizations<br \/>Legal authority of the relevant public institutions and organizations<br \/>limited to the purpose it requested within<br \/>Legally Authorized<br \/>Private Law<br \/>People<br \/>To the relevant legal provisions<br \/>information and documents from the company<br \/>Within the legal authority of the relevant private legal entities<br \/>limited to the purpose it requested<br \/>9<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>private law authorised to acquire<br \/>people<br \/>Suppliers<br \/>The company&#039;s commercial activities<br \/>while executing the company&#039;s orders<br \/>in accordance with the instructions<br \/>contract-based to the company<br \/>service providers<br \/>The company procures from the supplier and the company&#039;s commercial and<br \/>to carry out organizational activities<br \/>in order to provide the necessary services<br \/>CHAPTER 6 \u2013 STORAGE OF PERSONAL DATA<br \/>6.1. LEGAL OBLIGATIONS OF THE COMPANY<br \/>Our company complies with Article 7 of the Law No. 6698 on the Protection of Personal Data and the Turkish Penal Code No. 5237.<br \/>Processed in accordance with the explanations in Article 138 of the Law, and subsequently processed and stored.<br \/>Personal data whose purpose has ceased to exist, rights arising from the Turkish Commercial Code, and all related matters.<br \/>the rights granted by the provisions of legislation and the principles set forth in this policy (See section<br \/>2.2.1 (f) and (g)) by the decision it will make or in the interests of our company in its commercial life<br \/>In accordance with the Personal Data Protection Law, with the explicit request of the data owner, in a way that will not cause harm.<br \/>As stated in Article 7, it deletes, destroys, or anonymizes.<br \/>6.2. DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA<br \/>6.2.1. Deletion of Personal Data<br \/>The deletion of personal data is stipulated in Article 8 of the regulation as follows: &quot;personal data shall be deleted for the relevant users.&quot;<br \/>&quot;It is the process of making it completely inaccessible and unusable.&quot;<br \/>Personal data is defined and can be deleted using the following methods:<br \/>Application-as-a-Service Cloud Solutions<br \/>Data in the cloud system is deleted by issuing a delete command. The relevant parties are involved in this process.<br \/>Users do not have the authority to recover deleted data from the cloud system.<br \/>Personal Data in Paper Format<br \/>Personal data in paper format is deleted using the redaction method. The redaction method...,<br \/>Personal data on the relevant documents should be omitted where possible, and where not possible...<br \/>In these cases, the fixed parts are irreversible and cannot be read using technological solutions.<br \/>This is done by using ink to make the relevant users invisible.<br \/>Office files located on the central server.<br \/>The file is deleted using the delete command in the operating system, or the file or the file located therein is deleted.<br \/>The relevant user&#039;s access rights are revoked on the directory.<br \/>Personal Data Contained on Portable Media<br \/>Personal data on flash-based storage media is stored encrypted and in accordance with regulations suitable for these media.<br \/>It is deleted using software.<br \/>Databases<br \/>The relevant rows containing personal data are deleted using database commands. This process...<br \/>The person who performed this action is not the database administrator.<br \/>10<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>6.2.2. Destruction of Personal Data<br \/>The destruction of personal data is stated in Article 9 of the regulation as follows: &quot;No one shall disclose personal data...&quot;<br \/>making it completely inaccessible, irretrievable, and unusable<br \/>Personal data is defined as &quot;the process.&quot; Personal data can be destroyed using the following methods:<br \/>Physical Destruction<br \/>Personal data may be recorded in a non-automated manner as part of a data recording system.<br \/>It can also be processed through these methods. When such data is destroyed, personal data is subsequently recovered.<br \/>The practice involves physically destroying the vehicle in a way that renders it unusable.<br \/>Demagnetization<br \/>Magnetic media is passed through a special device and exposed to a high-strength magnetic field.<br \/>It is the process of rendering the data on a device unintelligible and unreadable by leaving it lying around.<br \/>Paper Media<br \/>The destruction processes in this environment reach unimaginable proportions with paper shredding and cutting machines.<br \/>It is a method of bringing them in and destroying them.<br \/>6.2.3. Anonymization of Personal Data<br \/>The anonymization of personal data is defined in Article 10 of the regulation as &quot;personal data being transferred to other parties&quot;.<br \/>Even if matched with data, under no circumstances should it be used to identify a specific or identifiable natural person.<br \/>It is defined as &quot;making it impossible to link the data to the following.&quot; Personal data includes the following:<br \/>It can be anonymized using the following methods:<br \/>Masking Method<br \/>By removing or deleting the distinctive titles or characteristics of the data subjects whose data is being processed<br \/>It is a method of anonymization provided.<br \/>Example: Extracting information that identifies the data subject, such as Turkish National Identity Number (TC Kimlik No).<br \/>preventing the identification of the data subject through this method<br \/>Data Shuffling Permutation<br \/>This method replaces some of the information of data owners whose data is within the system.<br \/>The aim is to anonymize the data by modifying it.<br \/>Example: In employee information, alongside the data considered as the main category, there are also sub-categories.<br \/>Ensuring the data owner cannot be identified by altering the information.<br \/>Data Derivation Method<br \/>Adding or subtracting certain amounts from the variables in the data within the system.<br \/>This process ensures that the information becomes undetectable or unidentifiable.<br \/>Example: Instead of providing a detailed description of the domicile of the personal data owner whose data is being processed, providing the address where they live.<br \/>specifying the neighborhood or district<br \/>Aggregation Method<br \/>This is a method of converting relevant personal data from a specific value to a general value. With this method, data...<br \/>generalizations are being made and personal data is being rendered incapable of being linked to any single individual.<br \/>This is done by providing an example: Instead of listing the neighborhoods where employees live one by one, X is provided.<br \/>It is stated that Y number of employees live in the neighborhood.<br \/>11<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>One or more of the anonymization methods described above are subject to all relevant legislation and regulations.<br \/>In accordance with the interests of our company in business, this policy is adopted by the company.<br \/>The selection will be made by the committee established to ensure its implementation. Details regarding the committee are available.<br \/>This information was explained in the previous section. (See Chapter 4)<br \/>The anonymization method to be chosen will be determined by the committee taking into consideration the following:<br \/>This will be determined by taking the following:<br \/>\u2022 Data quality<br \/>\u2022 Data size<br \/>\u2022 The nature of data&#039;s presence in physical environments<br \/>\u2022 Data diversity<br \/>\u2022 The purpose of data processing<br \/>The anonymization process is governed by the retention periods and personal data inventory outlined in this policy.<br \/>It will be carried out in parallel with the principles stated in the sections.<br \/>6.3. PERSONAL DATA RETENTION PERIODS<br \/>Our company maintains its personal data inventory in accordance with the timeframes stipulated in all relevant legislation.<br \/>It stores data.<br \/>If there is no time limit specified in the relevant legislation regarding these periods<br \/>Our company operates in accordance with the customs, laws, and regulations of the sector in which it operates.<br \/>provided that personal data is collected within the timeframes determined by our company in accordance with its interests.<br \/>It stores the data; when storage is no longer necessary, the data is stored as described above.<br \/>They are deleted, destroyed, or anonymized in various ways.<br \/>The purpose for processing and storing personal data has ceased to exist, and all relevant provisions regarding personal data...<br \/>in accordance with the legislation and the principles set forth in this policy by our company (See Section 2.2.1 (f) and<br \/>If the periods determined pursuant to (g)) have expired, in any legal disputes that may arise in the future<br \/>Personal data may also be stored for use in other ways. The personal data mentioned in this section...<br \/>It is kept for use only in legal disputes and for no other purpose.<br \/>unusable. In accordance with the above explanations, our company may, foreseeably<br \/>All necessary precautions and measures are being taken.<br \/>For example, a lawsuit against an employee who leaves the workplace, arising from the unfair termination of the contract.<br \/>In order to determine the competent court in the case to be filed, the employee&#039;s place of residence must be considered.<br \/>This includes using the information in the data system to make the identification.<br \/>It can be evaluated. (The scope of the above explanations is not limited to the example given.)<br \/>6.4. PERSONAL DATA INVENTORY<br \/>Personal Data Inventory, in accordance with the Personal Data Protection Law (KVKK) and the Regulation on the Registry of Data Controllers.<br \/>data collected and processed separately in each department within our company,<br \/>As explained above, the deletion, destruction, and anonymization process complies with legislation and the company.<br \/>carried out in accordance with its policy and which can be submitted to the Personal Data Protection Authority when necessary.<br \/>It refers to data (MS Word, Excel, etc.).<br \/>According to the definition in the regulation, the following must be included in a personal data inventory:<br \/>They are listed as follows:<br \/>12<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>\u2022 Purposes of personal data processing<br \/>\u2022 Data category<br \/>\u2022 Created by associating the transferred recipient group and data subject group, and personalized.<br \/>maximum time periods required for data processing<br \/>\u2022 Personal periods planned for transfer to foreign countries<br \/>\u2022 Measures taken regarding data security<br \/>Taking the criteria mentioned above into consideration, the following will be done with regard to personal data:<br \/>Information regarding transactions will be collected in the relevant inventory. The inventory content will comply with our company&#039;s legal requirements and...<br \/>in accordance with the legislation and in their own interests, using digital media such as MS Word and Excel<br \/>Content that cannot be stored digitally is stored in paper format.<br \/>It can also be hidden.<br \/>The processes of deleting, destroying, and anonymizing personal data described in Section 6 are carried out by our company.<br \/>personal data inventory by or by an authorized representative of our company<br \/>is carried out.<br \/>If there are provisions in the relevant legislation regarding the procedure for preparing the Personal Data Inventory, then personal data<br \/>The inventory will be prepared by our company in accordance with these provisions. Personal Data<br \/>In cases where there are no provisions in the relevant legislation regarding the procedure for preparing the inventory, our company,<br \/>personal data inventory, taking into account its own internal work discipline and internal work processes<br \/>They are free to choose which method to use for preparation.<br \/>CHAPTER 7 \u2013 RIGHTS OF THE DATA SUBJECT<br \/>7.1. RIGHTS OF THE DATA SUBJECT AND CONDITIONS FOR EXERCISING THESE RIGHTS<br \/>Our company evaluates the rights of personal data owners and provides information to personal data owners.<br \/>In order to provide the necessary information, in accordance with Article 13 of the Personal Data Protection Law...<br \/>It implements the necessary channels, internal procedures, administrative and technical arrangements accordingly.<br \/>Data subjects may submit their requests regarding the rights listed below to our company in writing.<br \/>If they submit the request, our company will process the request free of charge within a maximum of thirty days, depending on the nature of the request.<br \/>This concludes the matter. However, the Personal Data Protection Board prescribes a fee.<br \/>In this case, our company will request the personal data from the applicant as determined by the Personal Data Protection Board.<br \/>The fee specified in the tariff will be charged. Personal data owners;<br \/>\u2022 To find out if your personal data is being processed<br \/>\u2022 Requesting information regarding the processing of personal data.<br \/>\u2022 The purpose of processing personal data and whether it is used appropriately for that purpose.<br \/>learning<br \/>\u2022 Knowing the third parties to whom personal data is transferred, whether domestically or internationally.<br \/>\u2022 Requesting the correction of personal data if it has been processed incompletely or inaccurately.<br \/>and notifying third parties to whom personal data has been transferred of the process carried out within this scope.<br \/>request<br \/>\u2022 Processed in accordance with the Personal Data Protection Law and other relevant laws.<br \/>However, personal data may be processed if the reasons requiring its processing cease to exist.<br \/>the right to request the deletion or destruction of data and the processing of such data shall be considered personal.<br \/>requesting that third parties to whom the data has been transferred be notified<br \/>13<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>\u2022 By analyzing the processed data exclusively through automated systems.<br \/>objection to an outcome that is detrimental to oneself<br \/>\u2022 In case of damage suffered due to the unlawful processing of personal data<br \/>They have the right to claim compensation for the damage.<br \/>In accordance with Article 13 of the Personal Data Protection Law, personal data owners have the right to use the information mentioned above.<br \/>Requests regarding the exercise of their stated rights must be submitted &quot;in writing&quot; or via the Personal Data Protection Law.<br \/>They must submit it to our Company through other methods determined by the Board.<br \/>Right of Access to Personal Data<br \/>Individuals have the right to access their personal data free of charge. The company<br \/>its legitimate right to retain the data and its interest in it is governed by the Personal Data Protection Law and related legislation.<br \/>It is protected under this scope; the right to modify and delete is observed. Our company provides the relevant person with;<br \/>\u2022 To find out whether your personal data is being processed.<br \/>\u2022 Requesting information regarding the processing of personal data.<br \/>\u2022 The purpose for which your personal data is processed and whether it will be used in accordance with that purpose.<br \/>learning that it is not being used<br \/>\u2022 The desire to know the third parties to whom personal data is transferred, whether domestically or internationally.<br \/>It provides information that they have the right to be there.<br \/>Right to Modify or Delete Your Personal Data<br \/>Individuals have the right to modify or delete their personal data without incurring any fee.<br \/>It is located there. In this context, the relevant person;<br \/>\u2022 Correction of personal data if it has been processed incompletely or inaccurately.<br \/>request<br \/>\u2022 Personal data will be processed if the reasons requiring its processing cease to exist.<br \/>requesting the deletion or destruction of data<br \/>\u2022 The aforementioned correction, deletion, or destruction processes affect your personal data.<br \/>requesting that the third parties to whom it has been transferred be notified and<br \/>\u2022 By analyzing the processed data exclusively through automated systems.<br \/>They have the right to appeal against an unfavorable outcome.<br \/>In accordance with the Personal Data Protection Law, personal data must be accurate and up-to-date when necessary.<br \/>There is an obligation to ensure that personal data is accurate and up-to-date.<br \/>For the purposes of keeping records, the relevant party must inform our company of any changes to the current situation.<br \/>This is necessary unless the data change is notified to our company in writing by the relevant person.<br \/>Any damage that has arisen or may arise due to the failure to update the data and<br \/>Our company is not responsible for the sanctions.<br \/>7.2. PROTECTION OF THE RIGHTS OF THE DATA SUBJECT<br \/>According to Article 12 of the Personal Data Protection Law, the data controller is:;<br \/>\u2022 To prevent the unlawful processing of personal data,<br \/>\u2022 To prevent unlawful access to personal data and<br \/>\u2022 To ensure the protection of personal data, an appropriate level of security is provided.<br \/>It must take all necessary technical and administrative measures to achieve this.<br \/>14<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>In accordance with the relevant law, our company may not share personal data with another natural person or another party acting on its behalf.<br \/>If the crime is committed by a legal entity, the measures specified in the first paragraph shall be taken.<br \/>These individuals are jointly and severally liable. Our company, through its own institution or...<br \/>to ensure the implementation of these legal provisions in its establishment, the necessary audits<br \/>is doing.<br \/>This provision shall be added by the company to all contracts, commitments, and agreements.<br \/>The policy&#039;s Section 5 has been shared with those who can transfer the data; practical impossibility.<br \/>contract or agreement due to: or because it is not in accordance with the ordinary course of life<br \/>In cases where the text cannot be generated, this policy can be found on the naturagida.com.tr website.<br \/>It is visible because it has been made public.<br \/>7.3. CASES WHERE THE DATA SUBJECT CANNOT ASSUME ANY RIGHTS<br \/>Data subjects may exercise their rights under Article 28 of the Personal Data Protection Law in the following cases:<br \/>Since they are excluded from the scope of the relevant law, personal data owners have the right to make the following statements regarding these matters:<br \/>They cannot assert their rights:<br \/>\u2022 Personal data is used for research and planning through official statistics and anonymization.<br \/>and processing for purposes such as statistics.<br \/>\u2022 Personal data related to national defense, national security, public safety, public order,<br \/>not to violate economic security, privacy or personal rights or commit a crime<br \/>provided that it does not constitute an act of art, history, literature or science, or expression.<br \/>processing within the scope of freedom<br \/>\u2022 Personal data may be used to protect national defense, national security, public safety, public order, or<br \/>public institutions that have been given duties and powers by law to ensure economic security.<br \/>preventive, protective and intelligence activities carried out by institutions and organizations<br \/>processing within the scope of and<br \/>\u2022 Personal data relating to investigation, prosecution, trial or execution proceedings<br \/>committed by judicial authorities or enforcement agencies<br \/>In accordance with Article 28 of the Law on the Protection of Personal Data; personal data may be collected in the following cases:<br \/>Data owners cannot exercise any rights other than the right to claim compensation for damages.<br \/>\u2022 Personal data processing is necessary for the prevention of crime or for criminal investigation.<br \/>being<br \/>\u2022 Processing of personal data that has been made public by the data subject.<br \/>\u2022 Personal data processing is carried out by authorized and competent public authorities based on the authority granted by law.<br \/>auditing by institutions and organizations and professional organizations with the status of public institutions<br \/>or the performance of regulatory duties and disciplinary investigation or prosecution<br \/>necessary for<br \/>CHAPTER 8 \u2013 PROCESSING PERSONAL DATA OF JOB APPLICANTS<br \/>Personal data collected from job applicants during the recruitment process, as well as special data collected according to the nature of the job.<br \/>Qualified personal data is processed by the Company for the purposes stated and listed below:<br \/>\u2022 The candidate&#039;s qualifications, experience, and interests are suitable for the open position.<br \/>to evaluate<br \/>15<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>\u2022 If necessary, verify the accuracy of the information provided by the job applicant.<br \/>or contact third parties to research the job applicant<br \/>\u2022 To contact the job candidate regarding the application and recruitment process, or if appropriate<br \/>If so, for any position subsequently opened domestically or internationally<br \/>contact the candidate<br \/>\u2022 To meet the requirements of relevant legislation or the requests of authorized institutions or organizations.<br \/>\u2022 To develop and improve the recruitment principles applied by our company.<br \/>Job applicants&#039; personal data may be collected through the following methods and means:<br \/>\u2022 Digital application form published in written or electronic format<br \/>\u2022 Job applicants can contact the Company via email, mail, referrals, and similar methods.<br \/>resumes they submitted<br \/>\u2022 Employment or consulting companies; Job seekers also have data as their data subjects.<br \/>They will be able to submit their claims regarding their rights arising from this situation using the method described.<br \/>\u2022 Interviews conducted via video conference, telephone, or in person.<br \/>\u2022 To verify the accuracy of the information provided by the job applicant.<br \/>audits and investigations conducted by the company<br \/>\u2022 Skills and abilities assessed and analyzed by experienced experts.<br \/>recruitment tests that identify personality traits<br \/>CHAPTER 9 \u2013 OPERATIONS CONDUCTED WITHIN THE COMPANY FACILITIES AND THROUGH ITS WEBSITE<br \/>PERSONAL DATA PROCESSING ACTIVITIES<br \/>Personal data processing carried out by the company at building entrances and within the premises.<br \/>its activities are in accordance with the Constitution, the Personal Data Protection Law, and other relevant legislation.<br \/>is being carried out.<br \/>For security purposes, the company provides security in its buildings and facilities.<br \/>Personal data processing for monitoring guest entry and exit through camera surveillance activities.<br \/>Activities are being carried out.<br \/>By using security cameras and recording guest entries and exits.<br \/>The company has engaged in personal data processing activities.<br \/>9.1. CAMERA SURVEILLANCE CONDUCTED AT THE ENTRANCES AND INSIDE THE COMPANY&#039;S BUILDINGS AND FACILITIES.<br \/>ACTIVITY<br \/>This section will provide explanations regarding the Company&#039;s camera surveillance system and personal information.<br \/>how data, privacy and fundamental rights of the individual are protected<br \/>Information will be provided. The company&#039;s activities include security camera surveillance;<br \/>such as protecting the interests of the company and other individuals in ensuring their safety<br \/>It has purposes.<br \/>The camera surveillance activity carried out by the company is related to Private Security Services.<br \/>It is conducted in accordance with the law and relevant regulations.<br \/>16<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>The company&#039;s use of cameras for security purposes complies with GDPR regulations.<br \/>We are acting in accordance with the regulations contained in the law. The company, building and<br \/>in order to ensure security in the facilities, in accordance with the relevant legislation in force<br \/>for the intended purposes and in accordance with the personal data processing conditions stipulated in the Personal Data Protection Law.<br \/>It is engaged in security camera monitoring activities.<br \/>In accordance with Article 10 of the Personal Data Protection Law, the company informs the personal data owner...<br \/>This is being illuminated. The company provides general information through camera surveillance.<br \/>It provides notification regarding monitoring activities through multiple methods. Thus,<br \/>to prevent harm to the fundamental rights and freedoms of the personal data owner,<br \/>The aim is to ensure transparency and inform the data subject.<br \/>Regarding the company&#039;s camera surveillance activities, the company&#039;s website states the following:<br \/>This Policy is published (online policy regulation) and monitoring is carried out.<br \/>Notices are posted at the entrances to the areas stating that monitoring will be carried out (on-site).<br \/>lighting).<br \/>In accordance with Article 4 of the Personal Data Protection Law, the company processes personal data for the purposes for which they are processed.<br \/>It operates in a connected, limited, and measured manner.<br \/>The purpose of the company&#039;s video surveillance activity is this.<br \/>It is limited to the purposes listed in the policy. Accordingly, security camera monitoring<br \/>The areas, number, and timing of monitoring are sufficient to achieve the security objective.<br \/>It is implemented only for this purpose. The security of the individual&#039;s privacy.<br \/>in areas where interference that goes beyond their intended purpose may result (for example, in toilets)<br \/>It is not subject to monitoring.<br \/>In accordance with Article 12 of the Personal Data Protection Law, the company uses cameras for surveillance.<br \/>technical measures necessary to ensure the security of personal data obtained as a result of the activity.<br \/>and administrative measures are being taken.<br \/>The company&#039;s retention period for personal data obtained through camera surveillance activities.<br \/>Detailed information can be found in section 6.3 of this Policy, titled &quot;Personal Data Retention Periods&quot;.<br \/>It has been given.<br \/>Live camera footage and digitally recorded and stored footage<br \/>Only a limited number of company employees have access to the records. Those with limited access to the records...<br \/>A number of people have signed a confidentiality agreement stating that they will protect the confidentiality of the data they access.<br \/>is doing.<br \/>9.2. MONITORING GUEST ENTRANCES AND EXITS AT THE COMPANY&#039;S BUILDING AND FACILITY ENTRANCES<br \/>For the purposes of ensuring security and as stated in this Policy, the company<br \/>Personal data processing for tracking guest entries and exits in buildings and facilities.<br \/>Activities are being carried out.<br \/>17<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>When obtaining the names and surnames of individuals who visit company buildings as guests, or when the company...<br \/>through texts posted on the premises or otherwise made accessible to visitors<br \/>The data subjects concerned are informed within this scope. Guest check-in\/check-out<br \/>Data obtained for the purpose of monitoring are processed solely for this purpose and the relevant personal information is shared with the public.<br \/>The data is recorded in a physical data recording system.<\/p>\n<h4>9.3. RECORDS REGARDING INTERNET ACCESS PROVIDED TO THE COMPANY&#039;S GUESTS<br \/>STORAGE AND WEBSITE VISITORS<\/h4>\n<p>For security purposes and as stated in this Policy, our company may record logs of internet access used by guests during their stay on our premises, in accordance with the provisions of Law No. 5651 and the regulations issued pursuant to this Law.<\/p>\n<p>Only a limited number of our company employees have access to the log records obtained within this framework. These records are processed and shared with third parties only when requested by authorized public institutions and organizations, or in order to fulfill our relevant legal obligations and\/or protect our legal rights and establish our company&#039;s defense rights during audit processes carried out within the company.<\/p>\n<p>The company uses technical means (e.g., cookies) to record internet activity on its websites in order to ensure that visitors&#039; visits are consistent with their purposes, to display personalized content, and to conduct online advertising activities.<\/p>\n<p>Detailed explanations regarding the protection and processing of personal data related to these activities carried out by the company can be found in the &quot;Company Website Privacy Policy&quot; texts on the relevant websites.<\/p>\n<h4><span style=\"font-size: 17px; background-color: var(--wd-main-bgcolor); color: var(--wd-text-color);\">CHAPTER 10 \u2013 EFFECTIVE DATE AND UPDABILITY<\/span><\/h4>\n<p>This Policy was prepared and entered into force by the Company on July 31, 2020. The Policy, in whole or in part, may be updated. The Policy is published on the Company&#039;s website, naturagida.com, and is made available to data subjects upon request.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-293783f elementor-widget elementor-widget-wd_table\" data-id=\"293783f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"wd_table.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"wd-el-table-wrap wd-reset-all-last\">\n\t\t\t<table class=\"wd-el-table\">\n\t\t\t\t\t\t\t\t\t<thead class=\"text-left\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<th class=\"wd-table-cell elementor-repeater-item-f34d69e\" colspan=\"2\" rowspan=\"2\">\n\t\t\t\t\t\t\t\t\t<p>Appendix 1: DEFINITIONS<\/p>\t\t\t\t\t\t\t\t<\/th>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t<\/thead>\n\t\t\t\t\n\t\t\t\t<tbody class=\"text-left\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-40d7af6\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-0d8dbc8\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Personal Data<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-5f9a062\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\tIt refers to any data relating to an identified or identifiable natural person.\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-ac07d1b\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-eb710f5\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\tSpecial Category Personal Data\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-4bb04e7\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>This includes data relating to a person&#039;s race, ethnic origin, political views, philosophical beliefs, religion, sect or other beliefs, appearance and clothing, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-113bc15\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-ad4a7e5\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Organisation<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-2cf7cc2\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>It refers to the Personal Data Protection Authority.<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t<\/tbody>\n\t\t\t<\/table>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-58c7f99 elementor-widget elementor-widget-wd_table\" data-id=\"58c7f99\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"wd_table.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"wd-el-table-wrap wd-reset-all-last\">\n\t\t\t<table class=\"wd-el-table\">\n\t\t\t\t\t\t\t\t\t<thead class=\"text-left\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<th class=\"wd-table-cell elementor-repeater-item-f34d69e\" colspan=\"2\" rowspan=\"2\">\n\t\t\t\t\t\t\t\t\tAPPENDIX 2: ABBREVIATIONS\t\t\t\t\t\t\t\t<\/th>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t<\/thead>\n\t\t\t\t\n\t\t\t\t<tbody class=\"text-left\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-40d7af6\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-0d8dbc8\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Personal Data Protection Law (KVKK)<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-5f9a062\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>The Law on the Protection of Personal Data No. 6698 dated March 24, 2016, published in the Official Gazette No. 29677 dated April 2016.<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-ac07d1b\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-eb710f5\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>KVKK Article 7<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-4bb04e7\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>(1) Personal data shall be deleted, destroyed or anonymized by the data controller, either automatically or upon the request of the data subject, if the reasons requiring their processing cease to exist, even though they have been processed in accordance with this Law and other relevant laws.<br \/>(2) The provisions contained in other laws regarding the deletion, destruction or anonymization of personal data are reserved.<br \/>(3) The procedures and principles regarding the deletion, destruction or anonymization of personal data shall be regulated by regulation.<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-113bc15\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-ad4a7e5\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Turkish Penal Code<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-2cf7cc2\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Turkish Penal Code No. 5237, dated September 26, 2004, published in the Official Gazette No. 25611, dated October 12, 2004.<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-cfea546\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-4bbc904\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Turkish Penal Code Article 138<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-4ce0b19\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>(1) Those who are obliged to delete data from the system despite the expiry of the periods determined by law, will be sentenced to imprisonment for one to two years if they fail to fulfill their duties.<br \/>(2) (Added: 21\/2\/2014-6526\/5 art.) The subject of the crime is the Criminal Procedure Code<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-2e59885\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-fb80813\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Regulations<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-9644bc8\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Regulation No. 30224 on the Deletion, Destruction or Anonymization of Personal Data, published in the Official Gazette on Saturday, October 28, 2017.<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t<\/tbody>\n\t\t\t<\/table>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>CORPORATE About Us Cookie Policy GDPR Information Text Personal Data Protection and Processing Policy Information Society Services FSEK Contact 1. SECTION<\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-16674","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/pages\/16674","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/comments?post=16674"}],"version-history":[{"count":0,"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/pages\/16674\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/media?parent=16674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}