POLICY ON PROTECTION, STORAGE AND DESTRUCTION OF PERSONAL DATA

 
1.Scope and Purpose of Policy on Protection, Storage and Destruction of Personal Data

As Sİ-AR TURİZM VE İNŞAAT ANONİM ŞİRKETİ (hereinafter referred to as "COMPANY" registered at the Istanbul Trade Registry Office with the registry number 167899 and residing at Imrahor Cad.No.82 Beyoglu/Istanbul, we attach great importance to ensuring the confidentiality and security of personal data of natural persons in accordance with the Law No:6698 on Protection of Personal Data.

In accordance with this Policy on Storage and Destruction of Personal Data (hereinafter referred to as "Policy"), Law No.6698 on Personal Data Protection ("PDP" or "Law") and Regulations on Deletion, Destruction or Anonymization of Personal Data (hereinafter referred to as "Regulation"), which entered into force after being published in the Official Gazette on 28 October 2017 and which constitutes the secondary regulation of the Law; the Policy hereby has been drafted for the following purposes;

  • To fulfill our obligations
  • Methods and legal reasons for collecting personal data,
  • The personal data of which groups of people are processed (Data subject Categorization),
  • In which category the personal data of data subjects are processed (Data Categories) and sample data types,
  • For what purposes the relevant personal data are used,
  • Technical and administrative measures taken to ensure the security of personal data,
  • To whom and for what purposes personal data can be transferred,
  • Personal data sharing with public institutions and organizations and official authorities,
  • Storage periods and destruction processes of personal data,
  • This Policy was prepared by the COMPANY as a data controller in order to inform the data subjects about the deletion, destruction and anonymization processes, as well as the principles of determining the maximum storage period required for the purpose of processing your personal data.

This Policy sets the rules and policies to be applied by the COMPANY for employees, employee candidates, interns, references of the employee candidates, people to be contacted in case of emergency, tenants, customers, potential customers, suppliers, customers who receive accommodation services and persons given power of attorney regarding the processing of personal data and the rights of the data subject.

This Policy on Protection, Storage and Destruction of Personal Data, which has been issued in accordance with the Law is made available to natural persons (hereinafter referred to as "data subject") whose personal data are processed.

2. Definitions:

Explicit Consent: Consent about a specific subject based on information and expressed in free will.

Recipient group:The category of natural or legal persons to whom personal data is transferred by the data controller,

Relevant user:Any person who processes personal data in accordance with the authority and order received within the data controller institution or from the data controller, except the person or unit responsible for the technical storage, protection and backup of the data,

Destruction:Deletion, destruction or anonymization of personal data,

Law:: Law No. 6698 on Protection of Personal Data dated 24/3/2016 ,

Recording Medium:Any media in which the personal data that is wholly or partially automatic or acquired by non-automatic means provided that it is a part of any data recording system are located,

Personal Information: Any information related to the identified or identifiable real persons,

Processing of Personal Data: All kinds of processes performed on personal data including obtaining, recording, storing, keeping, changing, re-arranging, disclosure, transmission, acquisition, making available, classification or prevention of use in whole or in part, automatically or in non-automatic ways, being part of any data recording system,

Anonymization of personal data: Anonymization of personal data implies that personal data cannot be associated with any particular or identifiable real person in any way even when the personal data is paired with other data,

Deletion of personal data: Deletion of personal data means making personal data inaccessible and unavailable in any way for Relevant Users,

Destruction of Personal Data:Process of making personal data inaccessible, recoverable and unusable by anyone,

Board:Personal Data Protection Board,

Sensitive personal data:Information about security measures with biometric and genetic data of people with respect to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership to an association, foundation or trade union, medical condition, sexual life, criminal conviction.

Registry:The data controllers registry kept by the Personal Data Protection Authority,

Periodic destruction: The deletion, destruction or anonymization process to be carried out ex officio at recurring intervals specified in the personal data storage and disposal policy in case all the conditions for processing personal data included in the law are eliminated,

Data subject/Contact person: The real person whose personal data is processed,

Data Recording System: Recording system in which personal data is processed by organizing according to certain criteria,

Data controller: It refers to real or legal person responsible for identifying the purposes and means of personal data processing and installing and managing data recording system,

Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette on October 28, 2017.

3. Data Subject Categorization

The COMPANY groups the data subjects whose personal data is processed as follows, and these groups of individuals may be expanded in the light of the process and legal reasons specified in this policy.

  1. Customers
  2. Potential Customers
  3. Suppliers
  4. Lessees
  5. Accommodation Service Customers
  6. Employees
  7. Interns
  8. Employee Candidates
  9. References to Employee Candidate
  10. Third Persons Given Power of Attorney
  11. Contact Information in Emergency Situations

a. Data Categories and Sample Data Types
No
Data Subject
Data Category
Data Types
1.
Customer
Id Info
Name-Surname, Gender, TR Identity Number, TR Identity Information (ID serial number, family order number etc.), Date of Birth, Place of Birth, Marital Status, Nationality, Religion (former ID), Passport Number, Signature
Contact Details
Address (home/work), Email, Phone / Mobile Phone
Financial Information (Customer Transaction)
Bank Account Information, IBAN Number, Payment Information, Check Copies
Professional Experience
Industrial Information, Work Place and Title Information
Visual and Audio Records
Camera Recording In Case of Coming to the Company
Legal Procedure and Compliance Information
Tax Board, Signature Circular
2.
Potential Customers (Business Cards)
Id Info
Name & Surname
Contact
E-mail Address
Professional Experience
Workplace and Title
3.
 
 
Suppliers
Id Info
Name-Surname, Gender, TR Identity Number, TR Identity Information (ID serial number, family order number etc.), Date of Birth, Place of Birth, Marital Status, Nationality, Religion, Passport Number, Signature, Name and Surname of the Supplier Employee (for invoice delivery)
Contact Details
Address, Email, Phone / Mobile Phone, Supplier Employee's Mobile Phone Number (for invoice delivery)
Financial Information
Bank Account Information, IBAN Number, Payment Information, Check Copies
Business Info
Industrial Information, Work Place and Title Information
Legal Procedure and Compliance Information
Signature Circular, Tax Plate, Certificate of Activity, Trade Registry Gazette
Visual and Audio Records
Camera Recording In Case of Coming to the Company in Person
4.
Lessees
Id Info
Name Surname, TR Identity Number, Signature
Contact Details
Certificate of residence, address,
Legal Action
Authorized Signatory List
Visual and Audio Records
Camera Recording In Case of Coming to the Company in Person
5.
Customers Receiving Accommodation Service
Id Info
Full Name, TR Identity Number, Passport Number, Mother's Name, Father's Name, Gender, Date of Birth, Full Name of the Persons with whom s/he comes, Signature
Contact Details
Mobile Phone Number, E-Mail Address, Address, Country-City Information, Zip Code,
Finance Information
Room Fee, Payment Method, Total Amount Paid
Customer Transaction
Credit Card Number, Credit Card Expiry Date, Security Code
Other information
Whether to ask for Room Cleaning or Breakfast, Membership Information, License Plate Information, if available, referred room type, room number, check-in and check-out dates, flight information, departure time, number of days for accommodation, number of people to arrive
6.
Employees
Id Info
Full Name, Gender, TR Identity Number, TR Identity Information (ID serial number, family order number, etc.), Date of Birth, Place of Birth, Marital Status, Nationality, Religion, Signature, Certificate of Identity Registration (if any, of their children), Passport number
Contact Details
Address, E-mail, Telephone/Mobile Phone, Certificate of Residence
Financial Information
Bank Account Information, IBAN Number,
Visual and Audio Records
Video Recording and Photo, Passport Photo, Camera Recording
Personal Files
Curriculum Vitae, Foreign Language Knowledge, Computer Skills Information, consent of the parents if under 18, military service status information, discount letter from the Revenue Administration for those benefiting from disability discount, work permit card or photocopy for foreigners, Turkish Employment Agency document, former convict and application registration document for disabled workers, AGI form, Employment Contract, Professional Seniority
Professional Experience Information
Journeyman's Certificate, Hygiene Certificate, Diploma Information, Foreign Language Knowledge, Certificates, Letter of Recommendation and Course Participation Certificates, If any,  In-Service Training Information, Graduation Information, Vocational Qualification Certificates, information on the prior workplace, salary information, department s/he worked and Title, References
Other information
Information on Number of Children, Performance Evaluation Results, If Provided any Training, Place/Time/Subject Information of Training, Upper Body and Lower Body Size
Health Information
Information on any Disease that will Restrict Doing Business, Physical Disability Status, Blood Type Card, Health Check Report For Kitchen Workers,
Legal Action Information
Letter About Employees Received From Judicial and Administrative Authorities
7.
Interns
Identity Information
Full Name, Gender, TR Identity Number, TR Identity Information (ID serial number, family order number, etc.), Date of Birth, Place of Birth, Marital Status, Nationality, Religion, Signature, Certificate of Identity Registration, Passport number
Contact Information
Certificate of Residence, Address, E-mail, Telephone / Mobile Phone
Health Information
Health Report, Physical Disability Status, Blood Type Card
Visual and Audio Records
Photo/Video, Camera Recording
Professional Experience
Hygiene Certificate, Diploma Information, Foreign Language Knowledge, Certificates, In-Service Training Information, Graduation Information, Vocational Qualification Certificates, Letter of Recommendation and Course Participation Certificates, if any, References
Personnel Information
Curriculum Vitae, Foreign Language Knowledge, Computer Skills Information, consent of the parents if under 18, military service status information, discount letter from the Revenue Administration for those benefiting from disability discount, work permit card or photocopy for foreigners, Turkish Employment Agency document, former convict and application registration document for disabled workers,
Other information
If Provided with any Training, Place/Time/Subject Information of Training, Upper Body and Lower Body Size
Financial Information
Bank Account Information, IBAN Number,
8.
Employee Candidates
Id Info
Name- Surname, Date of Birth and Place of Birth, Signature
Contact Details
Address, Phone, Email Address
Personal Files
Resume Information, Military Status Information
Professional Experience Information
Diploma Information, Foreign Language Knowledge, Certificates, Information on Courses Participated, In-Service Training Information, Graduation Information, Previous Work Experience, Computer Program Information, Computer Programs Information, Department of Application
Visual Records
Camera Recording In Case of Coming to the Company in Person
Other information
Salary Expectation
9.
Reference to an Employee Candidate / Employee / Intern
ID
Name & Surname
Contact
Work Place, Title, Phone Number
Visual Recording
Camera Recording In Case of Coming to the Company in Person
10.
Third Persons Given Power of Attorney
Identity Information
Name-Surname, Gender, TR Identity Number, TR Identity Information (ID serial number, family order number etc.), Date of Birth, Place of Birth, Marital Status, Nationality, Religion, Passport Number, Sample Signature
Contact Details
Address, Phone, Email Address
Professional Experience Information
Industrial Information, Work Place and Title Information
Visual Records
Camera Recording In Case of Coming to the Company in Person
11.
Contact Information in Emergency Situations
Identity Information
Full Name
Contact Information
Phone Number, Address
   
4.Explanations Regarding the Reasons Requiring the Storage and Destruction of Personal Data
a.Processing Purposes Requiring the Storage of Personal Data

Personal data are used by the COMPANY for the following purposes;

  • Carrying out the application and placement process by evaluating the qualifications of employee candidates and interns
  • Fulfillment of Obligations Arising From Employment Contracts and Legislation for Employees/Interns
  • Execution of Vested Benefit and Interest Processes for Employees
  • Conducting necessary activities by our respective business units and performing related business processes in order to carry out commercial activities by the Company;
  • Planning and/or Execution of Business Continuity Activities
  • Execution of Customer Relationship Management Processes
  • Follow-up of Company Financial and Accounting Affairs
  • Planning and/or Execution of External and Internal Training Activities
  • Management of Relations with Business Partners and/or Suppliers
  • Planning and Execution of the Sales Process of Products and/or Services
  • Execution of Contract Signing Processes
  • Planning and Execution of Customer Relationship Management Processes
  • Planning and Execution of Market Research Activities for the Sales and Marketing of Products and Services,
  • Execution of Training / Event / Organization Processes
  • Planning and Execution of Marketing Processes of Products and/or Services,
  • Following Legal Affairs and Fulfilling Legal Responsibilities
  • Planning and Execution of the Operational Activities Required to ensure that the Company's Activities are carried out in compliance with the Company Procedures and/or Relevant Legislation
  • Providing Information to Authorized Institutions Based on Legislation

b. Reasons Requiring the Destruction of Personal Data

Pursuant to the Regulation, the personal data of the data subjects are destroyed by the COMPANY, either directly or upon request, in the following cases:

  1. Amendment or abolition of relevant legislative provisions that constitute the basis for the processing or storage of personal data,
  2. The disappearance of the purpose that requires the processing or storage of personal data,
  3. The disappearance of conditions that require the processing of personal data in Articles 5 and 6 of the Law.
  4. In cases where the processing of personal data takes place only in accordance with the explicit consent condition, the relevant person's withdrawal of his/her consent,
  5. Accepting the application of the relevant person regarding the deletion, destruction or anonymization of his/her personal data within the framework of the rights of Article 11 of the Law in paragraphs 2 (e) and (f) by the data controller,
  6. In cases where the data controller rejects the application made by the relevant person on the request of deletion, destruction or anonymization of his/her personal data, or his response is found inadequate, or does not respond within the period stipulated by the Law; existence of complain to the Board and approval of this request by the Board,
  7. Although the maximum time requiring personal data to be stored has passed, the non-existence of any conditions to justify storing personal data for longer.
5. Technical and Administrative Measures Taken To Ensure the Security of Personal Data

The COMPANY undertakes to take all necessary technical and administrative measures and show due diligence to ensure the confidentiality, integrity and security of your personal data. In this context, it takes the necessary precautions to prevent the misuse, illegal processing, unauthorized access to data, disclosure, alteration or destruction of personal data.

The COMPANY takes the following technical and administrative measures to prevent unlawful access to the personal data it processes, to prevent unlawful processing of these data and to ensure the protection of personal data:

a. Administrative Measures Taken:
Administrative measures taken for personal data;
  • Awareness trainings are provided to employees.
  • Written commitment on confidentiality is received from employees.
  • The employees are enlightened and have them signed the Information Statement.
  • The Information Statement signed by the customers is stored in their files.
  • Employees are informed about the Policy on Storage and Destruction of Personal Data, and updated versions are shared via e-mail so that they are always accessible.
  • Written documents are kept in lockers.
  • The data in the computer environment is encrypted and access is allowed only by authorized persons.
Administrative measures taken for Sensitive Personal Data,

In addition to the administrative measures taken for Personal Data,

  • Regular trainings on data security are provided to employees involved in the processing of sensitive personal data.
  • Extra security measures are taken in the environments where the data is processed and stored, and only authorized persons have access them.
  • The phrase "classified documents" is added to be transferred on paper.
b. Technical Measures Taken:
Technical measures taken for personal data;
  • Network security and application security are ensured.
  • Key management is implemented.
  • Security measures are taken within the scope of supply, development and maintenance of information technology systems.
  • The security of personal data stored in the cloud is ensured.
  • There are disciplinary regulations that include data security provisions for employees.
  • Training and awareness activities are carried out at certain intervals on data security for employees.
  • Access logs are maintained regularly.
  • Corporate policies on access, information security, usage, retention and disposal have been prepared and implemented.
  • Letters of undertaking on confidentiality are prepared.
  • The authorities of the employees who have been subject to change of duty or left jobs are revoked regarding their previous duties.
  • Current anti-virus systems and firewalls are used.
  • Firewalls are implemented.
  • The signed contracts contain the provisions on data security.
  • Necessary security precautions are taken for entering and exiting physical environments containing personal data.
  • The security of environments containing personal data against external risks is ensured.
  • Security of environments containing personal data is ensured.
  • Personal data is reduced as much as possible.
  • Log records are maintained in such a way that there is no user intervention.

Technical measures taken for sensitive personal data:

In addition to the technical measures taken,

  • A separate systematic, manageable and sustainable policy and procedure are set for the security of sensitive personal data.
  • Regular training is provided in topics such as the Law and related regulations and security of sensitive personal data,
  • Confidentiality agreements are made.
  • The authorities of the employees who have been subject to change of duty or left jobs regarding their previous duties are immediately revoked.
  • It is ensured that sufficient security measures are taken according to the nature of the medium in which the Sensitive Personal Data are stored (against electricity leaks, fire, flood, theft etc.).
  • Physical security of these environments is provided and unauthorized entries and exits are prevented. In case data is required to be transferred via paper media, necessary measures are taken against risks such as theft, loss of documents or unauthorized disclosure, and the documents are sent in the form of "classified documents".
6. To Whom and for What Purpose the Processed Personal Data Are Transferred

The COMPANY transfers personal data to third parties only in line with the purposes specified in this Policy on Protection, Storage and Destruction of Personal Data and in accordance with Articles 8 and 9 of the Law.

In this context, personal data transfers are carried out through secure media and channels provided by the relevant third party.

In addition to the technical measures to ensure the security of the personal data subject to the transfer mentioned above; they are also legally protected thanks to the Law-compliant provisions included in our contracts considering that the counterparty of the legal relationship is a data controller or data processor.

The COMPANY pays strict attention to process your personal data in accordance with the "need to know" and "need to use" principles, by providing the necessary data minimization and taking the necessary technical and administrative security measures. Since the execution or supervision of business activities, ensuring business continuity, and the operation of digital infrastructures require continuous data flow with different stakeholders, we have to transfer the personal data we process to third parties for the purposes specified in the Information Statements for each relevant person.

7. Recording Medium:

Personal data of data subjects are stored securely by the COMPANY in accordance with the relevant legislation, in particular the provisions of the PDP Law, in the mediums listed below:

a. Electronic Mediums:

File server (server with common files),

DHCP (service that distributes IP to computers),

Proxy (an application that records internet access, allows or blocks access),

The application that collects the logs required to be taken according to the Law No. 5651,

Backup applications and media,

Accounting application,

Database systems (environment where application data is kept),

Terminal servers (servers that enable applications to be accessed and run),

Personal Computers (Desktop, laptop)

Printer, scanner, copier

Non-Electronic Media:

Paper

Written, printed and visual media.

8. Storage of Personal Data and Destruction Times

The following criteria are used in determining the storage and destruction periods of your personal data obtained by the COMPANY in accordance with the provisions of the Law and other relevant legislation:

a.If a period is stipulated in the legislation regarding the storage of the said personal data, this period is obeyed. Following the expiry of the stated period, action is taken regarding the data within the scope of subparagraph (b).

b.In the event that the period stipulated in the legislation regarding the storage of the relevant personal data has expired or there has been no period stipulated in the relevant legislation regarding the storage of such data;

  • Personal data are classified as personal data and sensitive personal data based on the definition in Article 6 of the Law on PDP. All personal data determined to be of sensitive nature are destroyed. The method to be applied in the destruction of the relevant data is determined by the quality of the data and importance of the storage in the eye of the COMPANY.
  • Compliance of data storage with the principles specified in Article 4 of the Law on PDP is sought, for example; it is questioned whether the COMPANY has a legitimate purpose in storing the data. The data that is determined to be violating the principles in Article 4 of the Law on PDP if stored is deleted or destroyed.
  • It is determined the data storage which of the exceptions stipulated in Article 5 and Article 6 of the Law can be considered for the data storage. Reasonable periods are determined for data storage within the framework of the exceptions determined. Data are deleted or destroyed if the said periods expire.
9. Legal Reasons Requiring Storage

The data are kept by the COMPANY in line with the periods stipulated in the legislation within the scope of its activity, especially in the legislation stated below:

  • Law on Protection of Personal Data No. 6698,
  • Turkish Code of Obligations No. 6098,
  • Turkish Commercial Code No 6102
  • Labour Law No. 4857,
  • Social Security and General Health Insurance Law No. 5510,
  • Law No. 5651 on Regulating Internet Broadcasting and Combating Crimes Committed Through Internet Broadcasting,
  • Occupational Health and Safety Law No. 6331,
  • Law No. 2634 for the Encouragement of Tourism
  • Law No.17996 on the Relations of Tourism Enterprises with the Ministry, One Another and Their Customers
  • Other secondary regulations in force under these laws
Data Type
Storage Period
Destruction Times
Personal Data Regarding Customers, Suppliers and Lessees
10 years after the legal relationship ends; In the first periodic destruction period following the expiry of the storage period
Personal Data Regarding Customers Receiving Accommodation Service
5 years from the Service Provision, and Credit Card Information for 6 months from the Service Provision In the first periodic destruction period following the expiry of the storage period
Camera Record Taken to Ensure the Security of the Physical Space
1 month In the first periodic destruction period following the expiry of the storage period
Personal Data of Authorized Third Persons
10 years after the legal relationship ends In the first periodic destruction period following the expiry of the storage period
CV and Personal Information Received During Job Application
2 years In the first periodic destruction period following the expiry of the storage period
Personal Data Received Regarding Employees
10 years from the termination of the Employment Contract In the first periodic destruction period following the expiry of the storage period
Personal Data Received Regarding Interns
2 years from the end of the internship In the first periodic destruction period following the expiry of the storage period
All Records Regarding Accounting and Financial Transactions
10 years In the first periodic destruction period following the expiry of the storage period

In order to exercise your rights over your personal data; you can make necessary changes, updates and/or deletions and related requests via the "Contact Form" you can access from the COMPANY's Website, and through the COMPANY's official e-mail address www.tem76.com and the official phone number "0090 262 527 85 60".

10. Methods Used For Legal Destruction Of Personal Data

The COMPANY has established a unit ("Technical Unit") responsible for the destruction of the personal data it processes in accordance with the law. The Technical Unit ensures the deletion of personal data in a way that they can be processed only by the relevant users, and cannot be processed for all other unrelated sections.

a. Deletion of Personal Data

Deletion of personal data is the process of making personal data inaccessible and unusable for the users concerned in no way. The data controller takes all necessary technical and administrative measures to ensure that the deleted personal data are inaccessible and unusable for the relevant users.

i. Deletion Process of Personal Data

The processes followed in deleting personal data are as follows:

  • Determining personal data to be deleted
  • Identifying the relevant users for each personal data using an access authorization and control matrix or a similar system
  • Determining the authorizations and methods of the relevant users such as access, retrieval and reuse
  • Closing and eliminating the authorization and methods of access, retrieval, reuse within the scope of personal data of the relevant users
ii. Deletion Methods of Personal Data
a) Application Type Cloud-Based Solutions

In the cloud system, data is deleted by giving a delete command. While performing the said process, it is noted that the relevant user is not authorized to retrieve deleted data on the cloud system.

b) Personal Data on Paper Media

Personal data in paper media are deleted using the blackout method. The blackout process is done by cutting the personal data on the relevant documents whenever possible, and making them invisible to the relevant users by using fixed ink, which is irreversible and cannot be read with technological solutions.

c) Office Files on the Central Server

The file is deleted with the delete command in the operating system or the access rights of the relevant user on the directory where the file or file is located are removed. While performing the aforementioned operation, it is noted that the relevant user is not the system administrator at the same time.

d) Personal Data on Portable Media

Personal data in flash-based storage media is stored encrypted and deleted using software suitable for these media.

e) Databases

The relevant lines containing personal data are deleted by database commands (DELETE etc.). While performing the said operation, it is noted that the relevant user is not a database administrator at the same time.

Personal data in paper and electronic media, whose purpose of processing is completely eliminated, is destroyed or deleted in accordance with the Guidelines on Deletion, Destruction or Anonymization of Personal Data published by the Personal Data Protection Authority. All deletion and destruction operations performed by the Technical Unit are logged and recorded electronically with a time stamp. A report regarding the performance of such operations for personal data in paper media is issued and kept by the Technical Unit. Records of deletion or destruction of personal data in electronic and paper media are kept for three years. The Company uses the method of "deleting" in a way that only the relevant departments can access these data during the retention periods of personal data. If the storage period expires and there is no other purpose that requires the storage of personal data, the Company uses the anonymization method.

b. Destruction of Personal Data

Destruction of Personal Data is the process of making personal data inaccessible, irreversible and nonreusable by anyone in no way. The Company takes all necessary technical and administrative measures regarding the destruction of personal data.

i. Methods of Destruction of Personal Data

In order to destroy personal data, all copies of the data are detected and destroyed one by one using one or more of the following methods, depending on the type of systems in which the data is located.

  1. a) Local Systems

The following methods are used to destroy data on these systems.

  • Physical Destruction: It is the physical destruction of optical media and magnetic media such as melting, burning or pulverizing. Data is made inaccessible by processes such as melting, burning, pulverizing or passing optical or magnetic media through a metal grinder. For solid hard disks, if the overwriting or de-magnetization process is not successful, this media is also physically destroyed.
  • Overwriting: It is the process of preventing the recovery of old data by writing random data consisting of 0s and 1s at least seven times on magnetic media and rewritable optical media. This process is performed using special software.
b) Environmental Systems: The destruction methods that can be used depending on the media type are as follows:
  • Network devices (switches, routers, etc.): The storage environments inside these devices are fixed. Products often have a delete command, but do not have a destruction feature. It is destroyed using one or more of the suitable methods specified in (a).
  • Flash-based environments:Flash-based hard disks that have ATA (SATA, SSD, PATA, etc.), SCSI (SCSI Express, etc.) interface are deleted using the command if supported, if not supported, using the manufacturer's recommended destruction method, or using one or more of the appropriate methods specified in item (a).
  • Mobile phones (Sim card and fixed memory areas): There are delete commands in fixed memory areas on portable smartphones, but most do not have a destroy command. It is destroyed using one or more of the appropriate methods specified in item (a).
  • Environmental units such as printers with removable data recording media: It is destroyed by using one or more of the appropriate methods specified in item (a), depending on their characteristics after verifying that all data recording media have been removed.
  • Environmental units such as printers whose data recording medium is fixed:Most of the systems in question have a delete command, but no destroy command. It is destroyed using one or more of the appropriate methods specified in item (a).
c) Paper Media

The main medium is destroyed, as the personal data in these media is permanently and physically written on the media. While this process is being carried out, the media is divided into small pieces in an incomprehensible size, horizontally and vertically, in such a way that it cannot be put back together by shredding or shearing machines.

Personal data transferred from the original paper format to the electronic medium through scanning are destroyed by using one or more of the appropriate methods specified in item (a), depending on the electronic environment they are in.

d) Cloud Environment

When the cloud computing service relationship expires, all copies of the encryption keys required to make personal data available are destroyed. In addition to the above media, the process of destroying personal data in devices that are malfunctioning or sent for maintenance is carried out as follows:

  • Destruction of the personal data contained in the relevant devices by using one or more of the appropriate methods specified in item (a) before they are transferred to third parties such as manufacturers, vendors, service points for maintenance and repair,
  • Where it is not possible or feasible to destroy, the data storage media is removed and stored, and other failed parts are sent to third parties such as manufacturers, dealers and service points for maintenance and repair,
  • Necessary measures are taken to prevent personnel coming outside for maintenance or repair from copying and taking personal data out of the institution.
11. Periodic Destruction Period

The Company destroys personal data, whose retention period has expired and does not have any other data processing purpose requiring storage of personal data, within 6 months following the expiration of the retention period.

12. Periods of deletion and destruction of personal data, if requested by the Relevant Person

When the relevant person refers to the Company and requests the deletion or destruction of his/her personal data;

a) If all the conditions for processing personal data have disappeared; the Company deletes, destroys or anonymizes the personal data subject to the request. The Company finalizes the deletion or destruction requests of the relevant persons within "thirty days" at the latest.

b) If all the conditions for processing personal data have disappeared and the personal data subject to the request is transferred to third parties; the Company notifies the third party of this situation and requests the deletion or destruction of the personal data in question.

If all the conditions for processing personal data have not disappeared, this request may be rejected by the Company, in accordance with the third paragraph of Article 13 of the Law by explaining the grounds for rejection and the rejection shall be notified to the relevant person in writing or electronically within thirty days at the latest.

13. Title, Unit and Job Descriptions of the Persons involved in the Storage and Destruction Processes
Title Unit Position
Sales & Marketing-Operations Manager General Directorate S/he is responsible for the Company employees to act in accordance with the Policy and to carry out the PDP process within the Company in full compliance with the relevant legislation.
Sales & Marketing-Operations Manager General Directorate S/he is responsible for the preparation, execution, publication and updating of the Policy in relevant environments.
General Manager of the Consultant IT Company Information Technologies She is responsible for providing the technical solutions needed in the implementation of the Policy.
General Manager of the Consultant IT Company Information Technologies S/he is responsible for ensuring internal audits.
 
14. Amendments to the Policy on Protection, Storage and Destruction of Personal Data

The COMPANY can always make amendments in the Policy on Protection, Storage and Destruction of Personal Data. These amendments become effective immediately upon the publication of the new amended Policy on Protection, Storage and Destruction of Personal Data. You will be informed about the amendments in this Policy on Protection, Storage and Destruction of Personal Data.

 

DISCLOSURE STATEMENT ON THE PROTECTION OF PERSONAL DATA FOR CUSTOMERS AND 3RD PARTIES

As Sİ-AR TURİZM VE İNŞAAT ANONİM ŞİRKETİ (hereinafter referred to as "COMPANY") in the capacity of Data Controller, we show utmost sensitivity to the protection of fundamental rights and freedoms, especially privacy of personal life, while carrying out our activities, mainly ensuring the security and processing your personal data.

Some of your personal data are processed by the COMPANY in the capacity of data controller. With this Disclosure Statement, we inform you about the methods of collecting and transferring your personal data, the purposes of processing, legal reasons and your rights in accordance with the provisions of the Law No.6698 on Protection of Personal Data ("PDP"). This Disclosure Statement cover all the real persons whose personal data are processed by the COMPANY, except COMPANY employees and interns and employee candidates who have submitted job applicants to the COMPANY.

The COMPANY reserves the right to update this Disclosure Statement at any time within the framework of the amendments to be made in the legislation and the changes to be made in the purposes of processing and transferring personal data. You can always easily follow the updates on our website.

In addition, we will also share our Personal Data Storage and Destruction Procedure with you upon your request.

Data Controller

In accordance with the Law on PDP, your personal data can be processed within the scope specified in this Disclosure Statement by our company entitled Sİ-AR TURİZM VE İNŞAAT ANONİM ŞİRKETİ, as the data controller, established as an Incorporated Company under the laws of the Republic of Turkey, registered before Istanbul Trade Registry with the registry number 167899 and residing at Imrahor Cad.No. 82 Beyoğlu/İstanbul.

Personal Data and Processing of Personal Data

In accordance with the Law on PDP, any information that makes your identity specific or identifiable constitutes your personal data. Personal data includes any information relating to the race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, and information concerning health, sexual life, criminal convictions and security measures, while the biometric and genetic data are regarded as sensitive personal data.

Processing of your personal data refers to all kinds of operations performed on the data such as obtaining, saving, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of these data in accordance with the Law on PDP.

Although they vary according to the legal relationship between you and our company;your personal data processed in the capacity of a data controller;

Cover the information included in the authorized signatures list such as (name, surname, TR ID number, mother's name, father's name, date of birth, nationality, signature etc.), tax plate, certificate of activity, copy of the trade registry gazette, e -mail address, mobile phone number, address, company name and title, payment information, camera recording in case of actual arrival to the company in order to ensure signatory control so as to establish a contractual relationship between the authorities of legal persons or real person customers,

Cover the information included in the authorized signatures list such as (name, surname, TR ID number, mother's name, father's name, date of birth, nationality, signature etc.), e -mail address, mobile phone number, address, company name and title, payment information, camera recording in case of actual arrival to the company, in order to ensure signatory control so as to establish a contractual relationship between the authorities of legal person lessees or real person lessees,,

Cover the information included in the authorized signatures list such as (name, surname, TR ID number, mother's name, father's name, date of birth, nationality, signature etc.), tax plate, certificate of activity, copy of the trade registry gazette, e -mail address, mobile phone number, address, company name and title, payment information, camera recording in case of actual arrival to the company in order to ensure signatory control so as to establish a contractual relationship between the authorities of legal person suppliers or real person suppliers,

In order to establish an accommodation contract with the customers receiving accommodation service, they include name and surname, TR ID number, passport number, date of birth, address, e-mail address, mobile phone number, name and surname of the persons with whom they come together, signature, entry-exit date, number of days to stay, preferred room, room fee, room number, payment method, room cleaning or breakfast request information, membership information, vehicle license plate, credit card information (credit card number, expiry date, security code), amount paid, flight information, landing time, number of people arriving in case of shuttle service requested, camera recording taken to ensure physical security and other complementary information.

Purpose of Processing Personal Data and Retention Periods

The COMPANY processes the personal data for 10 years from the end of the business relationship and the personal data of customers receiving accommodation services for 5 years (credit card information for 6 months from the date of service provision) within the scope of the Turkish Commercial Code, Turkish Code of Obligations and other legal regulations in order to continue its business activities, ensure customer satisfaction, fulfill its contractual and legal obligations.

In addition; the COMPANY processes personal data for the purposes of ensuring the legal and commercial security of its customers/suppliers and other real persons whose data are processed, carrying out storage and archiving activities, determining commercial and business strategies, carry outing information security processes, carrying out audit activities, carry outing service sales processes, maintaining commercial activities, carrying out finance and accounting transactions, carrying out communication activities, providing after-sales support, providing information to authorized persons, institutions and organizations, carrying out service marketing processes, following and carrying out legal affairs, carrying out risk management processes, carrying out marketing analysis activities, following up requests and complaints.

Your personal data are processed in compliance with the principles of compliance with the law and good faith, being accurate and up-to-date when necessary, being processed for specific, clear and legitimate purposes, being connected, limited and proportionate to the purpose for which they are processed, and being retained for the time specified in the relevant legislation and required for the purpose for which they are processed.

Method and Legal Reason of Collecting Personal Data:

We maintain our activities by accessing your personal data in written or electronic media through channels such as our general directorate, organizations we hold, our call center by automatic or non-automatic methods from all other verbal, written or electronic media and through other channels that our Company communicates with you or may communicate with you in the future in order to be able to provide the services we provide within the determined legal framework and to fulfill our Company's responsibilities arising from the contracts and legal legislation in a complete and correct manner.

Your personal data collected for this legal reason can be processed and transferred within the framework of the personal data processing conditions and purposes specified in Articles 4, 5 and 6 of the KVK Law and for the purposes specified in this Disclosure Statement. The legal reasons for processing are as follows: the necessity to process your personal data, provided that we establish a contractual relationship with you or are directly related to our performance obligation arising from this contract (Ex. access to your identity information by obtaining authorized signatures list within the scope of the contract signature process, processing your contact information in order to provide communication in terms of service provision, recording your IBAN number for tracking payment activities, obtaining credit card information within the scope of payments of customers receiving accommodation service), the legitimate interest of the data controller (for example, keeping visitor records to ensure physical space security), your explicit consent we receive from you when necessary (transfer of your processed personal data to our business partner abroad)

Transfer of Personal Data:

Your personal data collected can be processed and transferred to COMPANY's group companies, business partners abroad (Only information on customers receiving accommodation service is transferred abroad), shareholders, affiliates and subsidiaries, consultants, auditors and/or suppliers/supplier employees and customers/customer employees, business partners and service providers providing and operating IT infrastructure services, business partners and service providers providing services in the fields of quality control, complaint management and risk analysis of our services, legally authorized public institutions and private persons or organizations and third parties, the administrative authorities, judicial authorities or the relevant law enforcement agencies, if log records are requests to solve legal disputes or as required by the relevant legislation, the relevant insurance company if required, agency, law firm and the third parties specially designated in cases where required by the legitimate interest of the data controller, limited to the purposes specified in this disclosure Statement.

Rights of Personal Data Subjects

Regarding your personal data, you have the following rights:

  1. To find out whether your personal data are processed or not,
  2. To request information regarding the personal data if they are processed,

  • To find out for what purpose your personal data are processed and whether it is used for these purposes,
  1. To know the third parties to whom your personal data have been transferred inside or outside the country,
  2. To request the correction of incomplete or incorrect processing of personal data;
  3. To request the deletion or destruction of your personal data,

  • To request notification of your rectification, deletion and destruction requests to third parties to whom your personal data have been transferred,
  • To object to the emergence of a consequence against you by analyzing your processed data exclusively through automated systems,

  1. To claim damages if you incur losses due to unlawful processing of your personal data.

You can send your requests for information, correction, deletion, destruction and objections in writing to our postal address or e-mail address below or by other methods determined by the Personal Data Protection Board.

Mailing Address: İmrahor Cad.No.82 Beyoğlu/İstanbul

E-mail address:info@si-ar.com

We undertake that your personal data will always be processed in accordance with the relevant legislation and our Company's own data protection policies, that your personal rights will be protected, your personal data will be kept confidential, we will take all necessary technical and administrative measures and to take due careto to ensure confidentiality and security.

 

DISCLOSURE STATEMENT FOR CAMERA RECORDING

I. Data Controller

In accordance with Law No. 6698 on Protection of Personal Data (hereinafter referred to as "Law"), your personal data is processed by Sİ-AR TURİZM VE İNŞAAT ANONİM ŞİRKETİ (hereinafter referred to as "Company") within the scope described below.

II. Methods and Legal Reasons of Collecting Personal Data

This Camera Disclosure Statement is to inform you that video surveillance cameras have been installed in the Company's buildings, facilities, compounds, workplaces, premises, control areas, stores, courtyards, entrance doors, building exterior, entrances of office areas, event areas, dining hall, cafeteria, waiting room and floor corridors and other service areas and other areas with the following warning signs (referred to as “Company premises”). The video surveillance system records and processes images of individuals and items passing through the range of these systems. The system operates continuously 24 hours a day, 7 days a week. Visual information and camera records are processed through the video surveillance system.

Your personal data are processed for the purposes of fulfilling the legal obligation (for example, the detection and prevention of unauthorized access to work areas in order to ensure information security) or providing the legitimate interest of the data controller (for example, to keep camera records to ensure physical space security, to detect and investigate violations of workplace rules) or in cases explicitly stipulated in the laws (Law No.5188 on Private Security Services, Labor Law No.4857, Occupational Health and Safety Law No.6331) based on legal reasons.

III. Purposes of Processing Personal Data

Your personal data specified above may be processed for the purposes listed below, which are the subject of your disclosure of this data to us:

  • Protection of company premises, individuals, property, products on premises from any attack, theft, robbery or any kind of damage
  • Ensuring the security of company premises, infrastructure, products, operations and taking precautions against all kinds of security violations
  • Providing information to authorized persons, institutions and organizations
  • Ensuring the legal, technical and commercial occupational safety of the Company and the persons in business relations with the Company
  • Planning, auditing and enforcement of information security processes
  • Control of entry and exit to the workplace
  • Creating and tracking visitor records
  • Planning and/or execution of occupational health and/or safety processes and fulfillment of obligations related to these purposes
  • Prevention of fire and similar disasters
  • Management of the areas where the company premises are located (such as technopark, shopping mall, parking lot, private areas)
  • Identifying and investigating violations of workplace rules
  • Conducting emergency management processes

IV. Transfer of Personal Data

The COMPANY pays strict attention to process your personal data in accordance with the "need to know" and "need to use" principles, by providing the necessary data minimization and taking the necessary technical and administrative security measures. We have to transfer the personal data we process to third parties for certain purposes, since the security of the company's premises, the execution or supervision of ensuring compliance with the workplace rules, and the operation of digital infrastructures require continuous data flow with different stakeholders.

In line with the realization of the above-mentioned purposes and limited to the fulfillment of these purposes and for the purposes of conducting and auditing business activities, conducting business continuity activities, and carrying out information security processes, your personal data can be processes and shared with our shareholders, our business partners and service providers who provide and operate our IT infrastructure, our business partners and service providers who provide services in the field of quality control, complaint management and risk analysis, legally authorized public institutions and private persons or organizations and third parties, third parties to be determined specifically in the cases that require legitimate interest of the data controller as limited to the purposes specified in this disclosure Statement. In addition;

  • In order to ensure the security of the company and its premises, data such as camera recordings can be shared with the security company and the service provider that establishes or operates the technical infrastructure
  • Infrastructure providers for the storage of physical and electronic employee data
  • Experts for auditing and due diligence activities, law firms and auditing firms, and public institutions for the fulfillment of regulatory and contractual obligations, insurance companies, social assistance support funds, business consultants
  • Authorized administrative and supervisory boards and/or other authorized supervisory institutions and organizations,
  • Administrative authorities, judicial authorities or relevant law enforcement agencies upon request in resolving legal disputes or in accordance with the relevant legislation.

V. Rights of the Relevant Person

As the person whose personal data is processed, you can contact info@si-ar.comor use the form at www.tem76.com in order to exercise your rights within the scope of Article 11 of the Law regulating the rights of the relevant person (learning to process personal data, requesting information about processing, learning the suitability of the processing to the purpose, knowing the persons your personal data are transferred, requesting the correction of incomplete or incorrect processing, requesting deletion or destruction, automatic notification of all transactions to third parties, objecting to the analysis, requesting the compensation of the damage) in accordance with the Communiqué on the Principles and Procedures of Application to the Data Controller.

 

COOKIE POLICY

As Sİ-AR TURİZM VE İNŞAAT ANONİM ŞİRKETİ (“COMPANY”)we use cookies within the scope of our activities on the internet. The purpose of the Cookie Policy is to explain to you what types of cookies we use, for what purposes we process cookies and how we manage cookies.

WHAT IS A COOKIE?

Cookies are very small text files, usually consisting of letters and numbers, that are saved to your computer (or other devices such as smartphones or tablets) via web browsers by websites that you visit. Cookies do not include personal information about visitors, such as name, gender or address. Cookies are generated by servers that manage the website you visit. Thus, when the visitor visits the same site again, the server can understand it. Cookies are like identity cards that show website owners that the visitor is visiting the site again.

COOKIE TYPES

  • Types of cookies according to the duration of use: E-commerce platforms operated by the Company use session cookies and persistent cookies, depending on the duration of use on the website, mobile application and mobile site. A session cookie expires when you close your browser. A persistent cookie remains on your hard disk for a long time or indefinitely.
  • Cookie types according to the cookie owner or the party placing the cookie: "Company cookies (first party cookies)" and "third party cookies" are used on the website of electronic commerce platforms operated by the Company, depending on the party placing them. Company cookies are created by the Company, while third-party cookies are managed by third parties with whom we cooperate.
  • Types of cookies according to their intended use: According to the intended use on the website, mobile application and mobile site of the electronic commerce platforms operated by the Company; customization cookies and analytical cookies are used. By using these cookies, the Company conducts statistical activities to determine spending habits such average expenditure amount, age, gender, shopping categories and mobile usage rate by dividing Members into large groups and determining the characteristics that distinguish the members from each other in order to make campaigns and advertisements that appeal to the preferences and taste of customers.

HOW DO WE USE COOKIES?

Our Company uses cookies;

  • To remember the choices you make and to maximize your user experience during your website visit and to personalize your use. This includes cookies that:
    • remember and recognize you on your next visit to the website.
  • To determine how you use the website including where and how you connect the electronic trade platforms operated by theCOMPANY what content you view on the website and the duration of your visit.

COOKIE MANAGEMENT

  • Usually Internet browsers are set to allow the use of cookies automatically. You can limit, block, delete cookies or set them to be alerted when cookies are being sent to your device through the settings of your Internet browser. Different methods may be used for different Internet browsers, you can learn more about this from the "Help" section of your Internet browser.
  • If you are accessing websites of the COMPANY via different devices, you should make sure that the "cookie settings" of your Internet browser for each device are set in accordance with your preferences.
  • If you block one or more categories of cookies, we may continue to collect information with existing cookies, but the use of blocked cookies will be stopped immediately.
  • By continuing to use our website with the user agreement, you agree to place cookies on your device. If you do not want cookies to be placed on your device, please adjust the settings of your Internet browser according to your preferences or stop using our website. If you choose not to receive cookies, it does not guarantee that you will be able to access all areas and content of our website and benefit from all the services offered on our website. Removing or deleting cookies can negatively affect your user experience.

COOKIES

Information about the cookies used by our company is given in the tables below:

Cookie Name
Purpose of Storing Cookies
Cookie Type
Related Privacy Policy
Cookie Storage Period
Google Analytics (_gat) Evaluating the purpose of the user visit and compiling reports on website activity for website administrators, as well as improving the customer experience. Performance Cookie https://developers.google.com/ Each site is updated with user login. The storage period is 1 day.
Google Analytics(_gat_UA-949974-1) Evaluating the purpose of the user visit and compiling reports on website activity for website administrators, as well as improving the customer experience. Performance Cookie https://developers.google.com/ Each site is updated with user login. The storage period is 1 day.
Google Analytics(_gid) Saving and updating a unique value for each page visited. Performance Cookie https://developers.google.com/ Each site is updated with user login. The storage period is 1 day.
Google Analytics(_ga) Evaluating the purpose of the user visit and compiling reports on website activity for website administrators, as well as improving the customer experience. Performance Cookie https://developers.google.com/ Each site is updated with user login. Maximum 2 years
   

DISCLOSURE STATEMENT ON THE PROTECTION OF PERSONAL DATA FOR CUSTOMERS UNDER COVID-19

To whom it may concern,

Since the World Health Organization ("WHO") declared the infectious respiratory tract disease known as Corona Virus (COVID-19) a "Pandemic", we have to take precautions included in the "Outbreak Management and Activity Guide" published by the Ministry of Health within our company during the pandemic period.

As Sİ-AR TURİZM VE İNŞAAT ANONİM ŞİRKETİ ("COMPANY") in the capacity of Data Controller, we show the utmost sensitivity to protect the fundamental rights and freedoms, especially the privacy of private life, in processing your personal data in order to fully and completely comply with the health measures we have to take during the pandemic at the maximum level.

Some of your personal data is processed by the COMPANY in the capacity of data controller. With this Disclosure Statement, we inform you about the methods of collecting and transferring your personal data, the purposes of processing, legal reasons and your rights in accordance with the provisions of the Law No.6698 on Protection of Personal Data ("PDP"). This Disclosure Statement has been created for all-natural persons whose personal data are processed by the COMPANY except for the COMPANY employees.

Data Controller

In accordance with PDP, your personal data can be processed within the scope specified in this Disclosure Statement by our company entitled Sİ-AR TURİZM VE İNŞAAT ANONİM ŞİRKETİ as the data controller, established as an Incorporated Company under the laws of the Republic of Turkey, registered before Istanbul Trade Registry with the registry number 167899 and residing at Imrahor Cad.No. 82 Beyoğlu/İstanbul.

Personal Data and Processing of Personal Data

In accordance with the Law on PDP, any information that makes your identity specific or identifiable constitutes your personal data. Personal data includes any information relating to the race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, and information concerning health, sexual life, criminal convictions and security measures, while the biometric and genetic data are regarded as sensitive personal data.

Processing of your personal data refers to all kinds of operations performed on the data such as obtaining, saving, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of these data in accordance with the Law on PDP.

Your personal data processed in the capacity of data controller includes information related to Name-Surname, Signature, Address, Name and Surname of Accompanying Persons, Chronic Disease Information, COVID-19 History, Last Negative Test Date in Case of Undergoing, Information on whether Contacted with a Person with Positive Test Result, Information on whether Gone Abroad in the Last 14 Days, Fever Measurement, HES Code result and HES Code.

Purpose of Processing Personal Data

Your personal data is processed in compliance with the principles of compliance with the law and good faith, being accurate and up-to-date when necessary, being processed for specific, clear and legitimate purposes, being connected, limited and proportionate to the purpose for which they are processed, and retaining them for the time required for the purpose for which they are processed.

The COMPANY can process personal data and sensitive personal data in order to implement the company policies regarding occupational health and safety within the company, and take protective measures, and to take the health measures deemed appropriate by WHO and the Ministry of Health in case of coming to the Company in person (providing information on the importance of fever measurement when entering the company, hand hygiene and social distance, obtaining the medical information about cough, respiratory illness and chronic illness, if any, and the latest domestic/international travels with an informed consent), and to fully carry out the precautionary measures taken for the maximum period required to ensure the pandemic situation and occupational health and safety, and destroys it at the end of the retention period.

In addition, upon your request, we can send the Policy on the Processing of Special Personal Data and the Policy on the Protection, Storage and Destruction of Personal Data to you.

Method and Legal Reason of Collecting Personal Data:

Your personal data can be processed, stored and transferred in physical and electronic environments for the legal reasons and processing purposes specified in Articles 5 and 6 of the Law on PDP, for the purposes specified in this Disclosure Statement and through obtaining your explicit consent and limited to the periods specified above.

Transfer of Personal Data:

Some of your personal data collected can be transferred to the Ministry of Health, authorized public health institutions and other institutions and organizations that are required to be informed within the framework of the relevant legislation, and if necessary, law enforcement officers in accordance with Article 28 of Law No.6698 on PDP for the implementation of company policies regarding occupational health and safety within the company and taking protective measures, ensuring the implementation of health measures deemed appropriate by WHO and the Ministry of Health in case of coming to the company in person, and other processing purposes specified in this Disclosure Statement, as limited to the purposes specified in this Disclosure Statement, and can be processed domestically.

In addition, the details of the ID and personal data will not be shared during the announcement for those who are suspected of COVIC-19 in the information requested by our Company.

Rights of Personal Data Subjects

Regarding your personal data, you have the following rights:

  • To find out whether your personal data are processed or not,
  • To request information regarding the personal data if they are processed,
  • To find out for what purpose your personal data is processed and whether it is used for these purposes,
  • To know the third parties to whom your personal data have been transferred inside or outside the country,
  • To request the correction of incomplete or incorrect processing of personal data;
  • To request the deletion or destruction of your personal data,
  • To request notification of your rectification, deletion and destruction requests to third parties to whom your personal data have been transferred,
  • To object to the emergence of a consequence against you by analyzing your processed data exclusively through automated systems,
  • To claim damages if you incur losses due to unlawful processing of your personal data.

You can send your requests for information, correction, deletion, destruction and objections in writing to our postal address or e-mail address below or by other methods determined by the Personal Data Protection Board.

Mailing Address:: İmrahor Cad.No.82 Beyoğlu/İstanbul

E-mail address: info@si-ar.com

 

We undertake that your personal data will always be processed in accordance with the relevant legislation and our Company's own data protection policies, that your personal rights will be protected, your personal data will be kept confidential, we will take all necessary technical and administrative measures and to take due care to ensure confidentiality and security.