{"id":21653,"date":"2023-08-30T12:27:45","date_gmt":"2023-08-30T09:27:45","guid":{"rendered":"https:\/\/www.golfdondurma.com.tr\/kisisel-verilerin-korunmasi-ve-islenmesi-politikasi\/"},"modified":"2025-05-14T12:31:35","modified_gmt":"2025-05-14T09:31:35","slug":"personal-data-protection-and-processing-policy","status":"publish","type":"page","link":"https:\/\/www.golfdondurma.com.tr\/en\/personal-data-protection-and-processing-policy\/","title":{"rendered":"Personal Data Protection and Processing Policy"},"content":{"rendered":"<div data-elementor-type=\"wp-page\" data-elementor-id=\"21653\" class=\"elementor elementor-21653\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2185ff3d elementor-section-full_width wd-section-stretch elementor-section-height-default elementor-section-height-default\" data-id=\"2185ff3d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-65694831 wd-elementor-sticky-column wd_sticky_offset_100\" data-id=\"65694831\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3c288020 elementor-widget elementor-widget-wd_mega_menu\" data-id=\"3c288020\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"wd_mega_menu.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"wd-menu widget_nav_mega_menu wd-nav-wrapper\">\n\t\t\t\t\t\t\t<h5 class=\"widget-title color-scheme-\">\n\t\t\t\t\tINSTITUTIONAL\t\t\t\t<\/h5>\n\t\t\t\t\t\t<ul id=\"menu-kurumsal\" class=\"menu wd-nav wd-nav-vertical wd-design-default\"><li id=\"menu-item-16659\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-16659 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/about-us\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">About Us<\/span><\/a><\/li>\n<li id=\"menu-item-16658\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-16658 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/cookie-policy-3\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">Cookie Policy<\/span><\/a><\/li>\n<li id=\"menu-item-16673\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-privacy-policy menu-item-16673 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/kvkk-personal-data-protection-law-information-text\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">Personal Data Protection Law (KVKK) Information Text<\/span><\/a><\/li>\n<li id=\"menu-item-16680\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-16680 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/personal-data-protection-and-processing-policy-4\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">Personal Data Protection and Processing Policy<\/span><\/a><\/li>\n<li id=\"menu-item-19621\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-19621 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/information-society-services\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">Information Society Services<\/span><\/a><\/li>\n<li id=\"menu-item-17943\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-17943 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/fsek\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">FSEK<\/span><\/a><\/li>\n<li id=\"menu-item-16660\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-16660 item-level-0 menu-simple-dropdown wd-event-hover\" ><a href=\"https:\/\/www.golfdondurma.com.tr\/en\/contact-us\/\" class=\"woodmart-nav-link\"><span class=\"nav-link-text\">Contact Us<\/span><\/a><\/li>\n<\/ul>\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-38da8f3b\" data-id=\"38da8f3b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-be547cd elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-widget elementor-widget-icon-box\" data-id=\"be547cd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-box.default\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"icon icon-user-registration\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h1 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tPERSONAL DATA PROTECTION AND PROCESSING POLICY\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h1>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<p class=\"elementor-icon-box-description\">\n\t\t\t\t\t\tNATURA FOOD INDUSTRY AND TRADE INC. Personal Data Protection and Processing Policy\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-76f2f308 color-scheme-inherit text-left elementor-widget elementor-widget-text-editor\" data-id=\"76f2f308\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><\/p>\n<p>CHAPTER 1 \u2013 INTRODUCTION<br \/>1.1. INTRODUCTION<br \/>1.2. PURPOSE AND SCOPE OF THE POLICY<br \/>1.3. IMPLEMENTATION OF THE LEGISLATION<br \/>SECTION 2 \u2013 PROCESSING OF PERSONAL DATA<br \/>2.1. GENERAL PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA<br \/>2.2. CONDITIONS FOR PROCESSING PERSONAL DATA<br \/>2.2.1. Processing of Personal Data of General Nature<br \/>2.2.2. Processing of Special Categories of Personal Data<br \/>SECTION 3 \u2013 PROTECTION OF PERSONAL DATA<br \/>3.1. SECURITY OF PERSONAL DATA<br \/>3.1.1. Lawful Processing of Data<br \/>3.1.2. Unlawful Access Blocking<br \/>3.1.3. Storing Personal Data in a Secure Environment<br \/>3.2. SUPERVISION OF THE IMPLEMENTATION OF THE PROVISIONS OF THE LAW<br \/>3.3. UNAUTHORIZED DISCLOSURE OF PERSONAL DATA<br \/>SECTION 4 \u2013 MEASURES FOR THE PROTECTION OF PERSONAL DATA<br \/>SECTION 5 \u2013 TRANSFER OF PERSONAL DATA TO THIRD PARTIES<br \/>SECTION 6 \u2013 STORAGE OF PERSONAL DATA<br \/>6.1. LEGAL OBLIGATIONS OF THE COMPANY<br \/>6.2. DELETION, DESTRUCTION and ANONYMIZATION OF PERSONAL DATA<br \/>6.2.1. Deletion of Personal Data<br \/>6.2.2. Destruction of Personal Data<br \/>6.2.3. Anonymization of Personal Data<br \/>6.3. PERSONAL DATA STORAGE PERIODS<br \/>6.4. PERSONAL DATA INVENTORY<br \/>CHAPTER 7 \u2013 RIGHTS OF THE PERSONAL DATA SUBJECT<br \/>7.1. RIGHTS OF PERSONAL DATA OWNER and TERMS FOR USING THEIR RIGHTS<br \/>7.2. OBSERVANCE OF THE RIGHTS OF THE PERSONAL DATA SUBJECT<br \/>7.3. SITUATIONS WHERE THE PERSONAL DATA OWNER CANNOT CLAIM RIGHTS<br \/>SECTION 8 \u2013 PROCESSING OF PERSONAL DATA OF PROSPECTIVE EMPLOYEES<br \/>CHAPTER 9 \u2013 THE COMPANY&#039;S BUSINESS WITHIN THE COMPANY&#039;S FACILITIES AND THROUGH ITS INTERNET WEBSITE<br \/>PERSONAL DATA PROCESSING ACTIVITIES<br \/>9.1. CAMERA SURVEILLANCE CONDUCTED AT ENTRANCES AND INSIDE THE COMPANY&#039;S BUILDING FACILITIES<br \/>ACTIVITY<br \/>9.2. MONITORING OF GUEST ENTRANCES AND EXITS TO THE COMPANY&#039;S BUILDING FACILITY ENTRANCES<br \/>9.3. RECORDS OF INTERNET ACCESS PROVIDED TO THE COMPANY&#039;S GUESTS<br \/>STORAGE AND WEBSITE VISITORS<br \/>SECTION 10 \u2013 ENFORCEMENT and UPDATEABILITY<br \/>Annex 1: DEFINITIONS<br \/>ANNEX-2: ABBREVIATIONS<\/p>\n<p>CHAPTER 1 \u2013 INTRODUCTION<br \/>1.1. INTRODUCTION<\/p>\n<p>law no. 6698 on the Protection of Personal Data (\u201cKVKK\u201d) introduces important regulations regarding the protection and lawful processing of personal data. Protection of personal data is among the most important priorities of Natura G\u0131da Sanayi ve Ticaret A.\u015e. (\u201cCompany\u201d).<\/p>\n<p>In particular, it is the basis of our company data policy to show the utmost care about access to the private life and information of individuals, to take effective and deterrent measures in this regard; to be transparent to our customers, potential customers, visitors, company officials, all of the parties and institutions we cooperate with, in short, to each person who is directly or indirectly connected with our company and whose data we process.<\/p>\n<p>With this Policy, our Company determines and realizes our rules for the processing of personal data within the framework of the principles of transparency and openness.<\/p>\n<p>1.2. PURPOSE AND SCOPE OF THE POLICY<\/p>\n<p>The main purpose of this policy is to protect the fundamental rights and freedoms of the persons whose data are processed, especially the privacy of private life in the processing of personal data, and in this sense, to ensure that every activity of our Company is carried out in accordance with the rules specified here. The scope of the provisions of this policy is the personal data of the persons whose data we process directly or indirectly.<\/p>\n<p>1.3. IMPLEMENTATION OF THE LEGISLATION<\/p>\n<p>In case of incompatibility between the legislation in force and our policy<br \/>From legislation will be applied as a priority and more specific objectives outside of this basic policy<br \/>If there are other policies or regulations established for the same subject matter for<br \/>Articles containing provisions shall apply. Other policies and documents shall apply to this policy and related<br \/>Provisions in conflict with the legislation shall not apply.<\/p>\n<p>SECTION 2 \u2013 PROCESSING OF PERSONAL DATA<br \/>2.1. GENERAL PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA<\/p>\n<p>While processing the data of individuals, the data must be obtained and processed in accordance with the law and good faith during the processing process. Our Company processes the data with the utmost sensitivity and control in accordance with the law and honesty rules.<\/p>\n<p>The processed data must be accurate and up-to-date. Our Company checks the accuracy of the processed data at each processing level and makes the necessary preparations to keep it up to date when necessary.<\/p>\n<p>During the processing of data, it must be clear which data is processed, how much of it is processed, and for what purpose it is processed, and it must be lawful, i.e. legitimate. Our company processes data only for legitimate purposes and takes care to ensure that the data to be obtained during this processing is specific. Our Company processes the data in a clear and uncertain manner in order not to use the information obtained for different purposes and not to cause misunderstanding.<\/p>\n<p>The data must be processed in a controlled manner that is loyal to the purpose of processing, limited to the purpose related to that purpose and in a measured manner. Our company processes the data of data subjects in a measured manner, only for the purpose for which they are processed and limited to that purpose.<\/p>\n<p>Processed personal data must be stored in accordance with the period in the relevant legislation or the period specified in the relevant purpose. In this context, our company primarily retains personal data limited to these periods if a period of time is stipulated in the relevant legislation for the retention of personal data. If a period of time is not specified in the legislation or there is no legal reason for keeping the data for a longer period of time, our company keeps personal data for the period required for the purpose for which they are processed. Thus, the security of data subjects is maximized<br \/>(Section 6.4 for detailed information). In accordance with the provisions of this policy and all relevant legislation, our employees who carry the title of data processor are under an unlimited confidentiality obligation regarding personal data.<\/p>\n<p>2.2. CONDITIONS FOR PROCESSING PERSONAL DATA<br \/>2.2.1. Processing of Personal Data of General Nature<\/p>\n<p>All kinds of personal data processed by our Company that do not fall into the category of special categories of personal data are in the general category of personal data.<\/p>\n<p>Personal data cannot be processed without the explicit consent of the data subject. In the presence of one of the following conditions, it is possible to process personal data without the explicit consent of the data subject:<\/p>\n<p>a) Explicitly stipulated in the law<br \/>b) It is mandatory for the protection of the life or bodily integrity of the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid, or of another person<br \/>c) Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract<br \/>d) It is mandatory for the data controller to fulfill its legal obligation<br \/>e) It has been made public by the person concerned<br \/>f) Data processing is mandatory for the establishment, exercise or protection of a right<br \/>g) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.<\/p>\n<p>2.2.2. Processing of Special Categories of Personal Data<\/p>\n<p>Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive personal data.<\/p>\n<p>It is prohibited to process sensitive personal data without the explicit consent of the data subject.<br \/>Personal data other than health and sexual life listed in the first paragraph can be processed without the explicit consent of the person concerned in cases stipulated by law.<\/p>\n<p>Our Company obtains the explicit consent of the relevant data subjects while processing and storing special quality data for keeping records of private health problems.<\/p>\n<p>Personal data relating to health and sexual life can only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without seeking the explicit consent of the data subject.<\/p>\n<p>In the processing of special categories of personal data, adequate measures determined by the Personal Data Protection Board must also be taken.<\/p>\n<p>SECTION 3 \u2013 PROTECTION OF PERSONAL DATA<br \/>3.1. SECURITY OF PERSONAL DATA<\/p>\n<p>In accordance with Article 12 of the Law on the Protection of Personal Data, our Company, in its capacity as Data Controller;<\/p>\n<p>To prevent unlawful processing of personal data,<br \/>To prevent unlawful access to personal data,<br \/>In order to ensure the protection of personal data, it is obliged to take all necessary technical and administrative measures to ensure the appropriate level of security.<\/p>\n<p>In order to ensure that personal data is processed in accordance with the law by our Company, all kinds of technical and administrative measures are taken according to technological possibilities and implementation cost. Personal data learned by data controllers and data processors cannot be disclosed to others in violation of the provisions of this law and cannot be used for purposes other than processing.<\/p>\n<p>Necessary training has been provided to the company personnel on technical issues; Awareness of the employees on this issue is created and audits are carried out. This ensures the employment of knowledgeable personnel within the company. The relevant department of our company and our contracted legal consultancy company work in coordination in this regard.<\/p>\n<p>3.1.1. Lawful Processing of Data<\/p>\n<p>The main technical and technical measures taken by our company to ensure that personal data is processed in accordance with the law<br \/>administrative measures are as follows:<br \/>\u2013 Personal data processing activities carried out within our company are carried out with technical systems<br \/>audited and reported to the relevant persons.<br \/>\u2013 The personal data processing activities carried out by the business units of our Company and these<br \/>compliance of the activities with the personal data processing conditions required by Law No. 6698<br \/>The requirements to be fulfilled in order to ensure that each department and the relevant unit<br \/>is determined specific to the activity it carries out.<br \/>\u2013 To ensure compliance with the law and to comply with the procedure prepared for the relevant departments<br \/>compliance, continuity and supervision; administrative measures, internal policies and trainings<br \/>through the use of the Internet.<br \/>3.1.2. Blocking Unlawful Access<br \/>Our Company may prevent the disclosure or access of personal data in an imprudent or unauthorized manner,<br \/>of the data to be protected in order to prevent its transfer or any other form of unlawful access<br \/>takes technical and administrative measures according to their nature.<br \/>The main technical and administrative measures taken by our Company to prevent unlawful access to personal data<br \/>The measures are as follows<br \/>\u2013 Access and authorization technical solutions and technical measures taken periodically<br \/>the issues that pose a risk are re-evaluated and the necessary technological<br \/>The solution is produced. Including logging, virus protection systems and firewalls<br \/>software and hardware are installed.<br \/>\u2013 Technically knowledgeable personnel are employed.<br \/>\u2013 In accordance with business unit-based legal compliance requirements, personal data is accessed within the company.<br \/>access and authorization processes are designed and implemented.<br \/>\u2013 Employees may use the personal data they learn in accordance with the provisions of the Personal Data Protection Law and<br \/>disclose to others in violation of all other relevant legislation and for the purpose of processing<br \/>and that this obligation shall not continue after they leave office.<br \/>6<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>will continue and accordingly, they are informed of the necessary<br \/>Commitments are received.<br \/>\u2013 With the persons to whom personal data are transferred by our Company in accordance with the law<br \/>to the contracts concluded; the persons to whom personal data are transferred, the protection of personal data<br \/>to take the necessary security measures for the purpose of the security measures to be taken and\/or<br \/>Mutual memorandums of understanding are signed.<br \/>3.1.3. Storage of Personal Data in a Secure Environment<br \/>Our Company ensures that personal data are stored in secure environments and destroyed for unlawful purposes.<br \/>the technical and administrative measures necessary to prevent the loss, destruction or alteration of<br \/>is taken. The main measures taken by our Company to store personal data in secure environments<br \/>technical and administrative measures are as follows:<br \/>\u2013 In order to store personal data in secure environments, technological developments<br \/>systems are used.<br \/>\u2013 Personnel specialized in technical issues are employed.<br \/>\u2013 Technical security systems are established for storage areas and technical<br \/>measures are reported to the relevant person, the issues that pose a risk are re-evaluated<br \/>necessary technological solution is produced.<br \/>\u2013 In order to ensure that personal data is stored securely, a lawful<br \/>Backup programs are used.<br \/>\u2013 Non-digital data is kept in locked cabinets and only authorized<br \/>will be accessible by individuals.<br \/>3.2. SUPERVISION OF THE IMPLEMENTATION OF THE PROVISIONS OF THE LAW<br \/>Pursuant to paragraph 3 of Article 12 of the Law on the Protection of Personal Data, the Data Controller<br \/>institution or organization, necessary to ensure the implementation of the provisions of this law<br \/>audits or have them done.<br \/>Our company and our contracted legal consultancy company are responsible for the establishment of the above-mentioned data security<br \/>and conducts the necessary inspections to ensure the regularity and continuity of the measures taken<br \/>and\/or have it done. The results of these audits shall be reviewed within the scope of the internal functioning of our company.<br \/>department or management and necessary measures are taken to improve the measures taken.<br \/>activities in accordance with the Personal Data Protection Law and other legislation and this company policy<br \/>is carried out in this way.<br \/>Our Company prohibits unlawful processing of personal data, unlawful access to data<br \/>to raise awareness to prevent access and ensure data protection<br \/>trainings, seminars and sessions conducted to organize necessary trainings for business units<br \/>through the Company. In parallel with the updating of the relevant legislation<br \/>updates and renews its trainings. On the protection of personal data<br \/>necessary systems are established to raise awareness, and audits on the subject are conducted by our company.<br \/>relevant department and our contracted legal consultancy company.<br \/>The activities carried out to raise awareness on the protection and processing of personal data<br \/>Training results are reported to our company and participation in such trainings is reported to our company.<br \/>and controlled by the Ministry of Environment and Urbanization.<br \/>7<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>3.3. UNAUTHORIZED DISCLOSURE OF PERSONAL DATA<br \/>In terms of crimes related to unauthorized disclosure of personal data, the Turkish Penal Code No. 5237 No. 135<br \/>The provisions of Articles 140 to 140 and all relevant legislation shall apply. The provisions of all relevant legislation<br \/>Our company notifies employees and relevant persons. Records personal data in violation of the law,<br \/>unlawfully transfers, disseminates or obtains personal data to another person, in violation of the laws<br \/>does not destroy the data within the system despite the expiry of the deadlines determined by the Personal Data<br \/>contrary to the provision of Article 7 Article 3 of the Protection Law; storing personal data or<br \/>does not delete personal data despite the loss of the reasons that legitimize the processing of personal data or<br \/>real persons who do not anonymize the company are subject to obligation pursuant to Article 138 of the Turkish Penal Code.<br \/>shall be punished with a fine. Deletion, destruction or anonymization of personal data<br \/>The procedures and principles regarding the introduction of personal data shall be regulated by regulation.<br \/>According to the regulations made in the Turkish Penal Code, personal data may be illegally transferred to a<br \/>The person who gives this data to another person, disseminates or obtains this data illegally, shall be sentenced to two years to four years<br \/>shall be sentenced to imprisonment for a term of imprisonment which may extend to imprisonment for a term of imprisonment up to<br \/>The person who commits this offense by taking advantage of the personal data shall be punished with the qualified form of the penalty. personal data<br \/>the company that commits the offense of viewing, obtaining or hacking data without authorization to process it<br \/>employee will be notified to the personal data subject, prosecutor&#039;s office and relevant authorities without delay and<br \/>necessary procedures will be carried out and will be punished for the qualified form of the crime.<br \/>Pursuant to the provision regulated under the title of Misdemeanors in the Personal Data Protection Law<br \/>fail to fulfill the disclosure obligation or obligations regarding data security,<br \/>Those who fail to fulfill the decisions taken by the Board or who fail to register with the Data Controllers Registry and<br \/>Administrative fines are also imposed on those who violate the notification obligation.<br \/>CHAPTER 4 \u2013 MEASURES FOR THE PROTECTION OF PERSONAL DATA<br \/>In order to ensure the enforcement of our Company&#039;s Policy on the Protection and Processing of Personal Data, a<br \/>management structure.<br \/>In order to manage this Policy and other policies connected and related to this Policy within the Company<br \/>The committee is being established. The duties of the committee are stated below:<br \/>\u2013 To review the basic policies on the Protection and Processing of Personal Data and, if necessary<br \/>to prepare amendments to these policies<br \/>\u2013 Implementation and enforcement of policies on the Protection and Processing of Personal Data<br \/>to decide how the follow-up will be carried out<br \/>\u2013 Making internal assignments and ensuring coordination<br \/>\u2013 To ensure compliance with the Law on the Protection of Personal Data and related legislation<br \/>to determine the necessary matters and to ensure the implementation of these matters<br \/>\u2013 Cooperation within and with the Company on the Protection and Processing of Personal Data<br \/>to raise awareness among institutions and organize trainings in this context<br \/>\u2013 By identifying the risks that may arise in the personal data processing activities of the company, necessary<br \/>to ensure that measures are taken<br \/>\u2013 To resolve the applications of personal data subjects at the highest level<br \/>\u2013 To follow developments and regulations on the protection of personal data and<br \/>take necessary actions<br \/>In addition to these duties, the Committee also fulfills other duties assigned by the senior management. Committee<br \/>All activities are carried out with the approval of the senior management.<br \/>8<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>Our Company, the contracted legal consultancy company and the Personal Data Protection Board<br \/>designate a Contact Person for the communication to be established and notify the registry at the time of registration<br \/>is obliged The contact person(s) is\/are authorized to do this work within our company.<br \/>is a real person who is a member of the department(s).<br \/>According to the Data Controllers Registry Regulation, our Company defines the function of the contact person as<br \/>As a point, the requests of the data subjects to the data controller should be processed quickly and effectively.<br \/>to ensure that the data subject&#039;s personal data are answered. The data whose personal data are processed in this way<br \/>responding to the problems or questions of the owners in the fastest and most explanatory manner<br \/>intended, but the contact person is not legally authorized to represent the data controller. this<br \/>contacting the company and the data subject or contact person, except to provide information for cause<br \/>to answer the questions of the relevant person in accordance with the law and to inform our company about this matter<br \/>has no duty or authorization other than informing. Our Company contact person<br \/>authorized department assigned by our company as soon as it is informed by<br \/>or organization will take action on the problem as soon as possible and the necessary procedure<br \/>will be carried out. During these procedures, the personal data owner or the person concerned will be informed about all these procedures and<br \/>will be informed about the procedures and, if necessary, the authorized department or institution of our company<br \/>personal data owner or the relevant persons will be interviewed by the Personal Data Protection Unit.<br \/>SECTION 5 \u2013 TRANSFER OF PERSONAL DATA TO THIRD PARTIES<br \/>In accordance with Article 10 of the KVK Law, our Company identifies the groups of persons to whom personal data are transferred<br \/>notifies the personal data owner.<br \/>Our company, in accordance with Articles 8 and 9 of the KVKK Law, the data managed by the policy<br \/>The personal data of the owners may be transferred to the categories of persons listed below: The Company;<br \/>\u2013 To business partners<br \/>\u2013 Suppliers<br \/>\u2013 Group companies<br \/>\u2013 Shareholders<br \/>\u2013 Authorities<br \/>\u2013 Legally authorized public institutions and organizations<br \/>\u2013 The above-mentioned persons to whom transfers are made to legally authorized private law persons<br \/>The scope and purposes of data transfer are set out below:<br \/>Category Description Purpose of Data Transfer<br \/>Community<br \/>Companies<br \/>Our company&#039;s affiliated business<br \/>defines partnerships. Business<br \/>our partners in the appendix<br \/>explained.<br \/>All kinds of commercial and<br \/>ensure the execution of the organizational measure<br \/>Shareholders Real persons who are shareholders of the Company<br \/>individuals<br \/>Law, effectiveness according to the provisions of the relevant legislation<br \/>management and corporate communication processes<br \/>for the purpose of carrying out the activities and with these activities<br \/>limited to<br \/>Company Officials Company Board Members<br \/>and other authorized natural persons<br \/>According to the provisions of the relevant legislation, the company&#039;s commercial<br \/>designing strategies for the activities of the highest<br \/>ensuring management and supervision at the level<br \/>limited to its purposes<br \/>Legally Authorized<br \/>Public Institution<br \/>and Organizations<br \/>Provisions of the relevant legislation<br \/>information and documents from the company according to<br \/>public institutions authorized to receive<br \/>and organizations<br \/>Legal authority of relevant public institutions and organizations<br \/>limited to the purpose for which it is requested within<br \/>Legally Authorized<br \/>Private Law<br \/>Persons<br \/>Provisions of the relevant legislation<br \/>information and documents from the company according to<br \/>Within the legal jurisdiction of the relevant private law persons<br \/>limited to the purpose for which it is requested<br \/>9<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>authorized private law<br \/>persons<br \/>Suppliers<br \/>Company&#039;s commercial activities<br \/>while executing the company&#039;s orders and<br \/>in accordance with the instructions<br \/>contract-based company<br \/>parties providing services<br \/>The Company&#039;s commercial and financial assets and liabilities that the Company procures from the supplier<br \/>to fulfill its organizational activities<br \/>to provide the necessary services<br \/>SECTION 6 \u2013 STORAGE OF PERSONAL DATA<br \/>6.1. LEGAL OBLIGATIONS OF THE COMPANY<br \/>Our Company, Article 7 of the Law No. 6698 on the Protection of Personal Data and Turkish Penal Code No. 5237<br \/>processed and subsequently processed and stored in accordance with the disclosures in Article 138 of the Law<br \/>personal data whose purpose has disappeared, arising from the Turkish Commercial Code, all relevant<br \/>the rights granted by the provisions of the legislation and the principles set out in this policy (See section<br \/>2.2.1 (f) and (g)) or by the decision to be taken by the Company or by the interests of our Company in its commercial life<br \/>Upon the explicit request of the data subject, the Law on the Protection of Personal Data<br \/>Deletes or destroys or anonymizes as specified in Article 7.<br \/>6.2. DELETION, DESTRUCTION and ANONYMIZATION OF PERSONAL DATA<br \/>6.2.1. Deletion of Personal Data<br \/>Deletion of personal data is defined in Article 8 of the regulation as \u201cthe deletion of personal data for the relevant users\u201d.<br \/>is the process of making it inaccessible and unusable in any way\u201d.<br \/>defined. Personal data may be deleted by the following methods:<br \/>Application Type Cloud Solutions as a Service<br \/>Data in the cloud system is deleted by issuing a delete command. While the aforementioned process is taking place, the related<br \/>The user is not authorized to retrieve deleted data on the cloud system.<br \/>Personal Data on Paper Media<br \/>Personal data on paper media is erased using the blackout method. blackout method,<br \/>personal data on the relevant documents should be truncated where possible, and where not possible<br \/>In cases that are irreversible and unreadable by technological solutions.<br \/>ink is used to render the relevant users invisible.<br \/>Office Files on the Central Server<br \/>The file is deleted with the delete command in the operating system, or the file or the<br \/>The access rights of the relevant user on the directory are removed.<br \/>Personal Data on Portable Media<br \/>Personal data on Flash-based storage media are stored encrypted and are suitable for<br \/>is deleted using software.<br \/>Databases<br \/>The relevant rows containing personal data are deleted by database commands. The aforementioned operation<br \/>the relevant person performing the realization is not the database administrator.<br \/>10<br \/>This document may not be reproduced and distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>6.2.2. Destruction of Personal Data<br \/>Destruction of personal data is defined in Article 9 of the regulation as \u201cpersonal data should not be<br \/>to render it inaccessible, unrecoverable and unusable by any means<br \/>is defined as \u201ca process\u201d. Personal data can be destroyed by the following methods:<br \/>Physical Destruction<br \/>Personal data are non-automatic, provided that they are part of any data recording system<br \/>can also be processed in other ways. When destroying such data, the personal data is subsequently<br \/>physically destroying it so that it cannot be used.<br \/>De-magnetization<br \/>Magnetic media is passed through a special device and exposed to a high magnetic field<br \/>is the process of rendering the data on it incomprehensible and unreadable.<br \/>Paper Media<br \/>Destruction processes in this environment can reduce paper to incomprehensible sizes with shredding and clipping machines.<br \/>is the method of destroying personal data.<br \/>6.2.3. Anonymization of Personal Data<br \/>Anonymization of personal data is defined in Article 10 of the regulation as \u201cthe anonymization of personal data by<br \/>Even if it is matched with data, under no circumstances with an identified or identifiable natural person<br \/>It is defined as \u201dmaking it impossible to associate it. Personal data is defined as<br \/>can be anonymous with methods:<br \/>Masking<br \/>By removing or deleting the distinctive titles or characteristics of the data subjects whose data are processed<br \/>is an anonymization method provided.<br \/>Example: Removing information such as TR Identity Number etc. that enables the identification of the personal data subject<br \/>preventing the recognition of the data subject through<br \/>Data Shuffling Permutation<br \/>With this method, some of the information of the data owners whose data are in the system is replaced<br \/>to anonymize the data by modifying it.<br \/>Example: In employee information, in addition to the data evaluated as the main category, sub-valued<br \/>Ensuring that the personal data owner is not recognized by changing the location of the information<br \/>Data Derivation<br \/>Adding or subtracting variables in the data in the system to certain extent<br \/>making the information undetectable or unidentifiable.<br \/>Example: Instead of the detailed disclosure of the residence of the personal data owner whose data is processed<br \/>specifying the neighborhood or district<br \/>Aggregation Method<br \/>It is a method of converting the relevant personal data from a specific value to a general value. With this method, the data<br \/>generalized and personal data cannot be associated with any individual<br \/>is being introduced. Example: Instead of counting the neighborhoods where employees live one by one, X<br \/>indicating that Y number of employees live in the neighborhood<br \/>11<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>One or more of the anonymization methods described above may be used in accordance with all relevant legislation and<br \/>In line with the interests of our company in business life, this policy has been approved by the company.<br \/>will be selected by the committee established to ensure its enforcement. More details about the committee<br \/>information is described in the previous chapter (see Chapter 4).<br \/>The method of anonymization to be selected shall be determined by the committee taking into account the following considerations<br \/>will be determined:<br \/>\u2013 The nature of the data<br \/>\u2013 Size of the data<br \/>\u2013 The structure of data in physical environments<br \/>\u2013 Diversity of data<br \/>\u2013 Purpose of processing the data<br \/>Anonymization process retention periods of this policy and personal data inventory<br \/>in parallel with the principles specified in the sections.<br \/>6.3. PERSONAL DATA STORAGE PERIODS<br \/>Our Company, in accordance with the periods specified in all relevant legislation, will keep your personal data in its data inventory.<br \/>retains the data.<br \/>In case there is no period determined in the relevant legislation regarding these periods<br \/>To be in compliance with the customs arising from the sector in which our Company operates and the laws and regulations<br \/>personal data within the periods determined in accordance with the interests of our company, provided that<br \/>data is retained, and in cases where there is no need for storage, the data is discarded in accordance with the above-mentioned procedure<br \/>the personal data is erased or destroyed or anonymized in any manner.<br \/>The purpose of processing and storing personal data has ceased to exist and all relevant<br \/>the principles set forth in the legislation and by our company in this policy (See Section 2.2.1 (f) and<br \/>(g))) for any legal disputes that may arise in the future if the periods determined in accordance with (g)) have elapsed<br \/>Personal data may also be stored for the purpose of use. Personal data specified in this section<br \/>stored solely for use in legal disputes and for any other purpose<br \/>cannot be used. In line with the above explanations, our company may foresee<br \/>all measures and precautions are taken.<br \/>For example, against the employee who leaves the workplace, due to unfair termination of the contract<br \/>for the purpose of determining the competent court for the judgment to be filed<br \/>Using the information available in the data system to make the determination in this context<br \/>(The scope of the above explanations is not limited to the example given).<br \/>6.4. PERSONAL DATA INVENTORY<br \/>Personal Data Inventory, in accordance with the KVKK and the Regulation on the Data Controllers&#039; Registry<br \/>the data processed separately in each department within our company are collected and<br \/>The deletion, destruction, anonymization process as described above is subject to the legislation and the company<br \/>policy and can be submitted to the KVK Institution when necessary.<br \/>data (MS Word, Excel, etc.).<br \/>According to the definition in the Regulation, a personal data inventory should include the following<br \/>are listed:<br \/>12<br \/>This document may not be reproduced and distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>\u2013 Purposes of personal data processing<br \/>\u2013 Data category<br \/>\u2013 Personal data created by associating with the transferred recipient group and the data subject group<br \/>the maximum periods required for the processing of data<br \/>\u2013 Personal time periods foreseen to be transferred to foreign countries<br \/>\u2013 Measures taken regarding data security<br \/>Taking into account the above-mentioned criteria, in relation to personal data, it will be made with this data<br \/>Information on transactions will be collected in the relevant inventory. The content of the inventory will be based on our company&#039;s compliance with the law and<br \/>in digital media such as MS Word, Excel for their own benefit in accordance with the legislation<br \/>content that cannot be stored in digital media can be stored in paper media.<br \/>can also be stored.<br \/>Our company deletes, destroys, anonymizes personal data described in Section 6<br \/>or by an officer authorized by our company in the personal data inventory<br \/>is realized.<br \/>If there is a provision in the relevant legislation regarding the method of preparation of the Personal Data Inventory, personal data<br \/>Inventory will be prepared by our company in accordance with these provisions. Personal Data<br \/>In cases where there is no provision in the relevant legislation regarding the preparation procedure of the Inventory, our company,<br \/>personal data inventory, taking into account its own internal working discipline and internal working processes<br \/>is free to choose which procedure it will choose for preparation.<br \/>CHAPTER 7 \u2013 RIGHTS OF THE PERSONAL DATA SUBJECT<br \/>7.1. RIGHTS OF PERSONAL DATA OWNER and TERMS FOR USING THEIR RIGHTS<br \/>Our company, evaluation of the rights of personal data owners and personal data owners<br \/>Article 13 of the Personal Data Protection Law to provide the necessary information<br \/>It carries out the necessary channels, internal functioning, administrative and technical arrangements in accordance with.<br \/>Personal data owners may submit their requests regarding their rights listed below in writing to our company<br \/>In the event that they submit their request, our company will respond to the request free of charge within thirty days at the latest, depending on the nature of the request.<br \/>as a finalization process. However, if a fee is stipulated by the Personal Data Protection Board<br \/>In the case, our company will ask the applicant to provide the personal data determined by the Personal Data Protection Board.<br \/>the fee in the tariff will be charged. Personal data subjects;<br \/>\u2013 Learn whether personal data is processed or not<br \/>\u2013 Request information if personal data has been processed<br \/>\u2013 The purpose of processing personal data and whether they are used for their intended purpose<br \/>learning<br \/>\u2013 To know the third parties to whom personal data are transferred domestically or abroad<br \/>\u2013 To request correction of personal data in case of incomplete or incorrect processing<br \/>and to notify third parties to whom personal data are transferred of the transaction made within this scope<br \/>don&#039;t ask<br \/>\u2013 Processed in accordance with the provisions of the Personal Data Protection Law and other relevant laws<br \/>Although it has been processed, if the reasons requiring its processing disappear, the personal<br \/>to request the deletion or destruction of the data and to request that the transaction made within this scope<br \/>to request notification to third parties to whom the data is transferred<br \/>13<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>\u2013 By analyzing the processed data exclusively through automated systems<br \/>to object to a result that is unfavorable to oneself<br \/>\u2013 In case of damage due to unlawful processing of personal data<br \/>have the right to demand compensation for the damage.<br \/>Pursuant to Article 13 of the Personal Data Protection Law, personal data owners have the right to<br \/>to exercise their stated rights in \u201cwritten\u201d or in accordance with the provisions of the Law on the Protection of Personal Data<br \/>They are required to forward it to our Company by other methods determined by the Board.<br \/>Right of Access to Personal Data<br \/>Data subjects have a right of access to their personal data without charge. The Company&#039;s<br \/>interest and legitimate right to keep the data Personal Data Protection Law and related legislation<br \/>protected within the scope; the right to change and delete is observed. Our Company gives the relevant person the right<br \/>\u2013 Learn whether his\/her personal data is being processed<br \/>\u2013 Request information if personal data has been processed<br \/>\u2013 The purpose of processing personal data and whether they are used in accordance with their purpose<br \/>learning that it is not used<br \/>\u2013 In the request to know the third parties to whom personal data are transferred domestically or abroad<br \/>that he\/she has the right to make a request.<br \/>Right to Change or Delete Personal Data<br \/>The right of data subjects to have their personal data amended or erased without incurring a fee<br \/>are available. In this context, the person concerned;<br \/>\u2013 Correction of personal data in case of incomplete or incorrect processing<br \/>don&#039;t ask<br \/>\u2013 In the event that the reasons requiring the processing of personal data disappear<br \/>request deletion or destruction of data<br \/>\u2013 The aforementioned correction, deletion or destruction of personal data<br \/>to be notified to third parties to whom it has been transferred and<br \/>\u2013 By analyzing the processed data exclusively through automated systems<br \/>to object to the occurrence of an unfavorable result.<br \/>Pursuant to the Personal Data Protection Law, personal data must be accurate and, where necessary, up-to-date.<br \/>to ensure that personal data is accurate and up to date, therefore, personal data must be accurate and up to date.<br \/>Notification of changes in the current situation to our company by the relevant party in order to keep the current situation<br \/>is required. If the data change is not notified to our company in writing by the data subject<br \/>any damages and losses arising or that may arise due to failure to update the data<br \/>Our company is not responsible for the sanction.<br \/>7.2. OBSERVING THE RIGHTS OF THE PERSONAL DATA OWNER<br \/>Pursuant to Article 12 of the Personal Data Protection Law, the data controller<br \/>\u2013 Prevent unlawful processing of personal data,<br \/>\u2013 To prevent unlawful access to personal data and<br \/>\u2013 Ensure the appropriate level of security in order to ensure the protection of personal data<br \/>to take all necessary technical and administrative measures.<br \/>14<br \/>This document may not be reproduced and distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>Pursuant to the relevant article of law, our Company may not disclose personal data to any other real or legal person on its behalf.<br \/>to take the measures specified in the first paragraph if it is committed by a legal person<br \/>is jointly and severally liable together with these persons. Our Company shall not be liable to its own institutions or<br \/>necessary audits to ensure the implementation of the provisions of this law in its establishment<br \/>is made.<br \/>This provision is hereby added by the Company to all contracts, commitments and memorandums of understanding.<br \/>shared with those who can transfer data in Section 5 of the policy; actual impossibility<br \/>or because it is not in accordance with the ordinary course of life.<br \/>In cases where the text cannot be created, this policy can be found on the naturagida.com.tr website.<br \/>can be seen as it has been made publicly available.<br \/>7.3. SITUATIONS WHERE THE PERSONAL DATA OWNER CANNOT CLAIM RIGHTS<br \/>Pursuant to Article 28 of the Law on the Protection of Personal Data, personal data owners are entitled to<br \/>As personal data subjects are excluded from the scope of the relevant law, personal data subjects are subject to the following procedures in these matters<br \/>cannot assert their rights:<br \/>\u2013 The anonymization of personal data by official statistics and research, planning<br \/>and processing for purposes such as statistics<br \/>\u2013 Personal data may be used to protect national defense, national security, public safety, public order,<br \/>violate economic security, privacy or personal rights, or criminal offenses<br \/>for artistic, historical, literary or scientific purposes or for expression<br \/>committed within the scope of freedom<br \/>\u2013 Personal data may be used to protect national defense, national security, public safety, public security, public order or<br \/>public authorities authorized by law to ensure economic security<br \/>preventive, protective and intelligence activities carried out by institutions and organizations<br \/>processing within the scope and<br \/>\u2013 Personal data relating to the investigation, prosecution, judgment or execution of personal data<br \/>committed by judicial or enforcement authorities<br \/>Pursuant to Article 28 of the Personal Data Protection Law; in the cases listed below, personal<br \/>data subjects cannot assert their rights other than the right to demand compensation for the damage:<br \/>\u2013 The processing of personal data is necessary for the prevention of crime or for the investigation of crime<br \/>to be<br \/>\u2013 Processing of personal data made public by the personal data subject himself\/herself<br \/>\u2013 The authorized and authorized public authorities based on the authority granted by law to process personal data<br \/>institutions and organizations and professional organizations in the nature of public institutions, auditing<br \/>or regulatory duties and disciplinary investigation or prosecution<br \/>to be necessary for<br \/>SECTION 8 \u2013 PROCESSING OF PERSONAL DATA OF PROSPECTIVE EMPLOYEES<br \/>Personal data of employee candidates collected during the recruitment process and private data collected according to the nature of the job<br \/>Qualified personal data are processed by the Company for the purposes specified and listed below:<br \/>\u2013 The qualification, experience and interest of the employee candidate and his\/her suitability for the vacant position<br \/>evaluate<br \/>15<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>\u2013 If necessary, to check the accuracy of the information provided by the prospective employee<br \/>or contacting third parties and conducting research about the Employee candidate<br \/>\u2013 To contact the prospective employee about the application and recruitment process, or to<br \/>for any position subsequently opened at home or abroad.<br \/>contacting the candidate<br \/>\u2013 To meet the requirements of the relevant legislation or the demands of authorized institutions or organizations<br \/>\u2013 To develop and improve the recruitment principles applied by our company<br \/>Personal data of prospective employees may be collected through the following methods and means<br \/>\u2013 Digital application form published in writing or electronically<br \/>\u2013 Employee candidates may contact the Company via e-mail, cargo, reference and similar methods.<br \/>resumes they have submitted<br \/>\u2013 Recruitment or consulting companies; as prospective employees are also data subjects<br \/>Their requests related to their rights arising from the interview process by using the method described above.<br \/>\u2013 Interviews via video conferencing, telephone or face-to-face interviews<br \/>\u2013 A survey conducted to verify the accuracy of the information provided by the employee candidate<br \/>controls and investigations carried out by the company<br \/>\u2013 Skills and skills assessments conducted and results analyzed by experienced experts<br \/>recruitment tests to identify personality traits<br \/>CHAPTER 9 \u2013 THE COMPANY&#039;S BUSINESS WITHIN THE COMPANY&#039;S FACILITIES AND THROUGH ITS INTERNET WEBSITE<br \/>PERSONAL DATA PROCESSING ACTIVITIES<br \/>Personal data processing carried out by the Company at building facility entrances and within the facility<br \/>activities in accordance with the Constitution, the PDP Law and other relevant legislation<br \/>is carried out.<br \/>In order to ensure security, the Company provides security at the Company buildings and facilities.<br \/>personal data processing for tracking guest entrances and exits with the camera surveillance activity<br \/>activities are carried out.<br \/>Through the use of security cameras and the recording of guest entrances and exits<br \/>Personal data processing activity is carried out by the Company.<br \/>9.1. CAMERA SURVEILLANCE CARRIED OUT AT THE ENTRANCES AND INSIDE THE COMPANY&#039;S BUILDING FACILITIES<br \/>ACTIVITY<br \/>In this section, explanations regarding the Company&#039;s camera surveillance system will be made and personal<br \/>how data, privacy and fundamental rights of the individual are protected<br \/>information will be provided. Within the scope of security camera surveillance activity;<br \/>such as protecting the interests of the company and other persons regarding ensuring the security of the company and other persons<br \/>purposes.<br \/>The camera surveillance activity carried out by the Company is a part of the<br \/>It is carried out in accordance with the Law and relevant legislation.<br \/>16<br \/>This document may not be reproduced and distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>In the execution of camera surveillance activities by the Company for security purposes, the KVK<br \/>The Company acts in accordance with the regulations set forth in the Law. The Company maintains its buildings and<br \/>In order to ensure security in its facilities, in the relevant legislation in force<br \/>for the purposes stipulated and in accordance with the personal data processing conditions listed in the KVK Law<br \/>as a security camera monitoring activity.<br \/>In accordance with Article 10 of the KVK Law by the Company, the personal data owner<br \/>is illuminated. The Company has made disclosures on general issues through the camera.<br \/>notify the monitoring activity through more than one method. Thus,<br \/>preventing harm to the fundamental rights and freedoms of the personal data subject,<br \/>It is aimed to ensure transparency and enlightenment of the personal data owner.<br \/>For the camera surveillance activity by the Company; On the Company website<br \/>this Policy is published (online policy regulation) and monitored<br \/>notification of monitoring is posted at the entrances of the areas (on-site<br \/>(illumination).<br \/>The Company, in accordance with Article 4 of the KVK Law, personal data for the purpose for which they are processed<br \/>in a connected, limited and measured manner.<br \/>The purpose of the Company&#039;s video camera surveillance is for this purpose.<br \/>It is limited to the purposes listed in the Policy. Accordingly, monitoring of security cameras<br \/>areas, number and when monitoring will be conducted, adequate to achieve the security objective and<br \/>is limited to this purpose. Security of personal privacy<br \/>in areas that may result in interference beyond their intended purpose (eg in toilets)<br \/>monitoring is not subject to surveillance.<br \/>Camera surveillance by the Company in accordance with Article 12 of the KVK Law<br \/>the technical means necessary to ensure the security of personal data obtained as a result of the activity<br \/>and administrative measures are taken.<br \/>Regarding the retention period of the Company&#039;s personal data obtained through camera surveillance activities<br \/>detailed information can be found in Article 6.3 of this Policy titled Personal Data Retention Periods<br \/>given.<br \/>Live camera footage and digitally recorded and preserved records<br \/>Only a limited number of company employees have access. The limited number with access to records<br \/>a number of people declare that they will protect the confidentiality of the data they access with a confidentiality undertaking<br \/>is in progress.<br \/>9.2. MONITORING OF GUEST ENTRANCES AND EXITS TO THE COMPANY&#039;S BUILDING FACILITY ENTRANCES<br \/>By the Company; to ensure security and for the purposes specified in this Policy, the Company<br \/>Personal data processing for the tracking of guest entrances and exits in its buildings and facilities<br \/>activities are carried out.<br \/>17<br \/>This document may not be reproduced or distributed without the written permission of Natura G\u0131da Sanayi ve Ticaret A.\u015e.<br \/>While obtaining the names and surnames of the persons who come to the company premises as guests, or while obtaining the names and surnames of<br \/>through texts posted in the premises or otherwise made available to guests<br \/>such personal data owners are enlightened within this scope. Guest check-in and check-out<br \/>data obtained for the purpose of follow-up are processed only for this purpose and the relevant personal<br \/>data are physically recorded in the data recording system.<\/p>\n<p>9.3. RECORDS RELATED TO INTERNET ACCESS PROVIDED TO THE COMPANY&#039;S GUESTS<br \/>STORAGE AND WEBSITE VISITORS<\/p>\n<p>For the purposes of ensuring security by our Company and for the purposes specified in this Policy; log records regarding the internet access of guests during their stay in our facilities can be recorded in accordance with the Law No. 5651 and the mandatory provisions of the legislation regulated in accordance with this Law.<\/p>\n<p>Only a limited number of Company employees have access to the log records obtained within this framework. These records are processed and shared with third parties only upon request by authorized public institutions and organizations or in order to fulfill our legal obligations in the audit processes to be carried out within the Company and\/or to protect our legal rights and to establish the defense rights of our Company.<\/p>\n<p>On the websites owned by the Company; In order to ensure that the people who visit these sites perform their visits on the sites in accordance with their visit purposes; In order to show them customized content and to carry out online advertising activities, internet movements within the site are recorded by technical means (such as cookies).<\/p>\n<p>Detailed explanations regarding the protection and processing of personal data regarding these activities carried out by the Company are included in the \u201cCompany&#039;s Website Privacy Policy\u201d texts of the relevant websites.<\/p>\n<p>SECTION 10 \u2013 ENFORCEMENT and UPDATEABILITY<\/p>\n<p>This Policy was issued and entered into force by the Company on 31.07.2020. The Policy may be updated in whole or in part. The Policy is published on the Company&#039;s naturagida.com website and made available to the relevant persons upon the request of the personal data owners.<\/p>\n<p><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-293783f elementor-widget elementor-widget-wd_table\" data-id=\"293783f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"wd_table.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"wd-el-table-wrap wd-reset-all-last\">\n\t\t\t<table class=\"wd-el-table\">\n\t\t\t\t\t\t\t\t\t<thead class=\"text-left\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<th class=\"wd-table-cell elementor-repeater-item-f34d69e\" colspan=\"2\" rowspan=\"2\">\n\t\t\t\t\t\t\t\t\t<p>Annex 1: DEFINITIONS<\/p>\t\t\t\t\t\t\t\t<\/th>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t<\/thead>\n\t\t\t\t\n\t\t\t\t<tbody class=\"text-left\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-40d7af6\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-0d8dbc8\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Personal Data<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-5f9a062\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Any data relating to an identified or identifiable natural person.<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-ac07d1b\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-eb710f5\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Special Qualified Personal Data<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-4bb04e7\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-113bc15\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-ad4a7e5\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Organization<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-2cf7cc2\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>References to the Personal Data Protection Authority.<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t<\/tbody>\n\t\t\t<\/table>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-58c7f99 elementor-widget elementor-widget-wd_table\" data-id=\"58c7f99\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"wd_table.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"wd-el-table-wrap wd-reset-all-last\">\n\t\t\t<table class=\"wd-el-table\">\n\t\t\t\t\t\t\t\t\t<thead class=\"text-left\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<th class=\"wd-table-cell elementor-repeater-item-f34d69e\" colspan=\"2\" rowspan=\"2\">\n\t\t\t\t\t\t\t\t\t<p>ANNEX-2: ABBREVIATIONS<\/p>\t\t\t\t\t\t\t\t<\/th>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t<\/thead>\n\t\t\t\t\n\t\t\t\t<tbody class=\"text-left\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-40d7af6\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-0d8dbc8\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>GDPR<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-5f9a062\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Law on the Protection of Personal Data dated March 24, 2016 and numbered 6698 published in the Official Gazette dated April 2016 and numbered 29677<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-ac07d1b\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-eb710f5\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Article 7 GDPR<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-4bb04e7\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>(1) Although it has been processed in accordance with the provisions of this Law and other relevant laws, personal data shall be deleted, destroyed or anonymized by the data controller ex officio or upon the request of the data subject in the event that the reasons requiring its processing disappear.<br \/>(2) The provisions of other laws regarding the deletion, destruction or anonymization of personal data are reserved.<br \/>(3) Procedures and principles regarding the deletion, destruction or anonymization of personal data shall be regulated by regulation.<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-113bc15\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-ad4a7e5\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Turkish Penal Code<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-2cf7cc2\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Turkish Penal Code dated September 26, 2004 and numbered 5237, published in the Official Gazette dated October 12, 2004 and numbered 25611<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-cfea546\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-4bbc904\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Article 138 of the Turkish Penal Code<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-4ce0b19\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>(1) Those who are obliged to destroy the data in the system despite the expiry of the periods determined by the law shall be sentenced to imprisonment from one year to two years if they fail to fulfill their duties.<br \/>(2) (Additional: 21\/2\/2014-6526\/5 Art.) The subject matter of the offense is defined in the Code of Criminal Procedure<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t\t\t\t\t<tr class=\"wd-table-row elementor-repeater-item-2e59885\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-fb80813\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Regulation<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td class=\"wd-table-cell elementor-repeater-item-9644bc8\" colspan=\"1\" rowspan=\"1\">\n\t\t\t\t\t\t\t\t<p>Regulation No. 30224 on Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette on Saturday, October 28, 2017<\/p>\t\t\t\t\t\t\t<\/td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/tr>\n\t\t\t\t<\/tbody>\n\t\t\t<\/table>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>KURUMSAL Hakk\u0131m\u0131zda \u00c7erez Politikas\u0131 KVKK Ayd\u0131nlatma Metni Ki\u015fisel Verilerin Korunmas\u0131 ve \u0130\u015flenmesi Politikas\u0131 Bilgi Toplumu Hizmetleri FSEK \u0130leti\u015fim PERSONAL DATA<\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-21653","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/pages\/21653","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/comments?post=21653"}],"version-history":[{"count":0,"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/pages\/21653\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.golfdondurma.com.tr\/en\/wp-json\/wp\/v2\/media?parent=21653"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}