Turkish Personal Data Protection Law and Privacy Policy

CORPORATE GENERAL INFORMATION TEXT

ABOUT PROCESSING OF PERSONAL DATA

As Sinuwa Döküm San. ve Tic. Ltd. Şti. (“Sinuwa”); we have prepared this information text to inform you Visitors, Online Visitors, Customers, Potential Customers, Supplier Employees, Supplier Officers for processing, keeping and transferring your personal data within the scope of its activities under the Protection of Personal Data Law No. 6698 (“the PDPL”) and relevant legislation and legal regulations.

What Are Your Personal Data Categories We Process and For What Purposes Do We Process Them?

Your personal data may be processed by Sinuwa Döküm San. ve Tic. Ltd. Şti., for the purposes stated below within the scope of our ongoing business relations with our business partners (it is possible that a person may fall into more than one category) in compliance with the following principles stated in article 4.2 of the PDPL;

Being in conformity with the law and good faith,

Being accurate and if necessary, up to date,

Being processed for specified, explicit, and legitimate purposes,

Being relevant, limited and proportionate to the purposes for which data are processed,

Being stored only for the time designated by relevant legislation or necessitated by the purpose for which data are collected.

Our visitors

Physical space security data of our visitors (e.g. camera recordings) will be processed for the purposes of ensuring physical space security.

Our Online Visitors

The identification information (e.g. E-mail addresses) and (e.g. IP address information) of our online visitors using our website (if you shared it with us*) will be processed for the purposes below;

To carry out the activities in accordance with the legislation,

To execute information security processes,

To carry out communication activities,

To provide information to authorized persons, institutions and organizations,

to enable you to access our website via the internet.

Our Customers

Identity information, contact information, customer transaction information of our real person customers or legal entity customers’ officials and / or employees (e.g. order information), physical space security information will be processed for the purposes below;

To carry out the activities in accordance with legislation,

To conduct financial and accounting works,

To carry out/audit business activities,

Execution of Goods / Service sales processes,

Execution of contract processes,

To provide information to authorized persons, institutions and organizations,

To resolve legal disputes,

To conduct, store and archive activities,

To conduct communication activities.

Our Supplier Employee

Identity information, contact information, physical space security information, professional experience information of our supplier employee (e.g. on-the-job training information) will be processed for the purposes below;

To conduct communication activities,

Execution / supervision of business activities,

To ensure physical space security,

To conduct supply chain management processes,

To carry out logistics activities,

To carry out the activities in accordance with legislation,

To carry out occupational health / safety activities.

Our Supplier Official

Identity information, contact information, physical space security information, customer transaction information, financial information, marketing information of our real person suppliers or legal entity supplier officials will be processed for the purposes below;

Execution / supervision of business activities,

Execution of Goods / Services Purchasing Processes,

To conduct financial and accounting works,

Execution of contract processes,

Execution of investment processes,

To ensure physical space security

To follow and execute legal affairs.

What are the Methods of Collecting Your Personal Data?

Your personal data stated in categories above are collected through physical method such as order forms, contracts, visitor forms or through automatic or non-automatic methods through information systems and electronic devices (e.g. telecommunication infrastructure, computer and telephones), third parties, our website and other documents declared by the relevant person.

What is the Legal Reason of Collecting Your Personal Data?

Your Personal data will be processed by Sinuwa Döküm San. ve Tic. Ltd. Şti., in line with realizing the purposes explained above based on the legal reasons stated in Article 5 of the PDPL as;

It is clearly stipulated in the laws,

The requirement of processing personal data of the parties to a contract, provided that it is directly related to the formation or execution of that contract,

It is mandatory for the data controller to fulfill her/his legal obligations,

Data processing is mandatory for the establishment, exercise or protection of any right,

It is mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.

Do We Transfer Your Personal Data to a Third Party?

1. Personal data of our visitors may be shared with law enforcement and judicial authorities if requested in order to resolve legal disputes and in accordance with the relevant legislation.
2. Personal data of our online visitors may be shared with judicial authorities and authorized public institutions and organizations in order to resolve legal disputes and in accordance with the relevant legislation.
3. Personal data of our customers are transferred to authorized public institutions and organizations in order to carry out activities in accordance with the legislation, to follow and carry out legal affairs, to inform authorized persons, institutions and organizations within the scope of legal regulations; to our community companies, solution partners, suppliers, cargo companies, banks, cargo companies and our financial advisor to the extent necessary in order to carry out / audit business activities, carry out risk management processes, and perform our services properly. In addition, the personal data in question can be transferred to the law office and judicial authorities from which we receive service in order to be used as evidence in legal disputes that may arise in the future.
4. Personal data of our supplier employee are transferred to authorized public institutions and organizations for the purposes of carrying out activities in accordance with the legislation, following and carrying out legal affairs, informing authorized persons, institutions and organizations, conducting / auditing business activities within the scope of the legal regulation, to the group companies, suppliers, cargo companies, banks and our financial advisor to the extent necessary in order to perform the service properly. In addition, the personal data in question can be transferred to the law office and judicial authorities from which we receive service in order to be used as evidence in legal disputes that may arise in the future.
5. Personal data of our supplier official are transferred to authorized public institutions and organizations in order to carry out activities in accordance with the legislation, to follow and carry out legal affairs, to inform authorized persons, institutions and organizations, to conduct / audit business activities within the scope of legal regulations, to the group companies, suppliers, cargo companies, banks and our financial advisor to the extent necessary in order to perform the service properly. In addition, the personal data in question can be transferred to the law office and judicial authorities from which we receive service in order to be used as evidence in legal disputes that may arise in the future.

Do We Transfer Your Personal Data Abroad?

As Sinuwa Döküm San. ve Tic. Ltd. Şti., we do not transfer your personal data abroad.

How Can You Exercise Your Rights Regarding Your Personal Data?

You may forward your requests related to your rights and requests under article 11 of PDPL regulating the rights of the relevant persons via ”Data Controller Application Form” on Sinuwa Döküm San. ve Tic. Ltd. Şti’s “https://www.sinuwa.com.tr/” prepared for your convenience in accordance with the “Communiqué on Application Procedures and Principles for the Data Controller”.

Data Controller: Sinuwa Döküm San. ve Tic. Ltd. Şti.

Address: Organize Sanayi Bölgesi 7.Cad No:1 Merkez/Sinop

Mail: kvkk@sinuwa.com.tr

SİNUWA DÖKÜM SAN. VE TİC. LTD. ŞTİ.

CORPORATE PERSONAL DATA PROTECTION POLICY

SİNUWA DÖKÜM SAN. VE TİC. LTD. ŞTİ.

CORPORATE PERSONAL DATA PROTECTION POLICY

PURPOSE

The right of every individual to demand the protection of personal data about himself/herself is a sacred right arising from the Constitution. As Sinuwa Döküm San. ve Tic. Ltd. Şti., we consider fulfilling the requirements of this right as one of our most valuable duties. For this reason, we attach importance to the processing and protection of your personal data in accordance with the law.

As a result of the importance we attach to the protection of personal data, Corporate Personal Data Protection Policy has been prepared in order to determine the principles and procedures we apply while processing and protecting personal data.

SCOPE

The Policy covers all kinds of processes related to obtaining, recording, storing, retaining, changing, revising, disclosing, transferring, taking over, classifying the personal data managed by Sinuwa Döküm San. ve Tic. Ltd. Şti., and taking them over by wholly or partially automated means or by non-automated means provided that they are a part of any data recording system or prevention of their utilization.

The policy is related to all personal data of the partners, officers, solution partners, customers, supplier officers and employees of Sinuwa Döküm San. ve Tic. Ltd. Şti., and third parties that are processed.

As Sinuwa Döküm San. ve Tic. Ltd. Şti. may change the Policy to comply with the legislation and the decisions of the Personal Data Protection Authority and to better protect personal data.

DEFINITIONS

GENERAL PRINCIPLES

Sinuwa Döküm San. ve Tic. Ltd. Şti., checks the compliance of the data to be processed in the preparation phase of each new personal data processing workflow with the following principles. Workflows that are not found suitable are not implemented.

Sinuwa Döküm San. ve Tic. Ltd. Şti., complies with the following when processing personal data;

It shall abide by the law and the rules of honesty.

Ensure that personal data are accurate and, when necessary, up-to-date.

Pays attention to the fact that the purpose of the processing is specific, clear and legitimate.

Checks that the processed data is linked to the purpose of processing, that it is processed to the extent that it needs to be processed, and that it is measured.

Preserves the data only as required by the relevant legislation or for the purpose of processing, and destroys it when the purpose of processing disappears.

MEASURES TAKEN FOR DATA SECURITY

Sinuwa Döküm San. ve Tic. Ltd. Şti., takes all necessary technical and administrative measures (I) to prevent personal data being processed unlawfully, (ii)to prevent unlawful access to personal data, (iii) to ensure the appropriate level of security in order to preserve personal data.

Technical Measures

Network security and application security are provided.

Security measures are taken within the scope of supply, development and maintenance of information technology systems.

Access logs are kept regularly.

Current anti-virus systems are used.

Necessary security measures are taken for entering and exiting physical environments containing personal data.

It is ensured that physical environments containing personal data are protected against external risks (fire, flood etc.).

The security of media containing personal data is ensured.

Personal data is backed up and security of the personal data backed up is also ensured.

Encryption is done.

Administrative Measures

There are disciplinary regulations that include data security provisions for employees.

Training and awareness studies are carried out at certain intervals on data security for employees.

Corporate policies on access, information security, usage, storage and destruction have been prepared and implemented.

The data masking measure is applied when necessary.

Confidentiality commitments are made.

Employees who resigned their jobs or who were reassigned have been deauthorized.

Signed agreements contain data security provisions.

Personal data security policies and procedures have been established.

Personal data security issues are quickly reported.

Personal data security is monitored.

Personal data is reduced as much as possible.

In-house periodic and / or random audits are performed.

Existing risks and threats have been identified.

Protocols and procedures for sensitive personal data security have been determined and implemented.

Awareness of data processing service providers on data security is ensured.

RIGHTS OF THE RELEVANT PERSON ABOUT PERSONAL DATA

The relevant person may apply to Sinuwa Döküm San. ve Tic. Ltd. Şti., and make a request on the following issues:

Learning whether the personal data have been processed or not,

Requesting information if her/his personal data has been processed,

Learning the purpose of processing of the personal data and whether data are used in accordance with their purpose;

Learning the third parties inside and outside the country to whom the personal data are transferred,

Requesting rectification in case your personal data has been processed incompletely or inaccurately and to request notification of the transaction made within this context to third parties to whom your personal data has been transferred,

Requesting deletion, destruction or anonymization of personal data in case the reasons that require processing have been eliminated despite the fact that it has been processed in accordance with the PDPL and other relevant legal provisions and to request notification to the third parties to whom personal data has been transferred,

Objecting to any application response against him/her, resulting from the analysis of processed data exclusively by the automatic systems,

Claiming compensation in case of suffering loss due to illegal processing of the personal data.

 VIOLATION NOTICES

Sinuwa Döküm San. ve Tic. Ltd. Şti., employees shall report works, actions or events that he/she believes to have violated the provisions of PDPL and/or Policy to the Board of Directors. The Board will convene after this violation notification, if it deems necessary, and prepare an action plan regarding the violation.

If the violation has occurred through unlawful acquisition of personal data to others, the Board will notify this situation to the relevant person and the Board within 72 hours within the scope of Board decision dated 24.01.2019 and numbered 2019/10.

CHANGES

The changes on the policy are prepared by the Board of Directors. The Updated Policy may be sent to employees via e-mail or posted on the website.

EFFECTIVE DATE

This version of the Policy has been approved by the Board of Directors and became effective on 01.12.2020.

Information Text about the Personal Data Processed in the Contact Form

This information text is provided Sinuwa Döküm San. ve Tic. Ltd. Şti. acting in the capacity of data controller, has been prepared for the purpose to inform you about the purposes of processing your personal data, legal reasons, collection methods, to whom it can be transferred and your rights under the PDPL, within the framework of Article 10 of the Protection of Personal Data Law.

Your personal data such as the name, surname, e-mail etc. that you shared via the Contact Form on our website are processed for the purposes of carrying out the necessary work to be done by the work units to benefit the relevant persons from the products and services offered by our company, conducting the relevant business processes and communicating with you about the subject you stated in the form. In addition, we do not have absolute control over the information you share with this form. We recommend that you do not share your personal data and sensitive personal data that you do not want us to know with our Company.

                The personal data in question is processed in non-traditional ways as automatically and/or not automatically based on the legal reason stated in Article 5 of the Law that “data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” and “it is necessary for compliance with a legal obligation to which the data controller is subject” and will only be shared with the relevant judicial authorities in legal disputes.

Your requests within the scope of Article 11 of the Law regulating the rights of the person concerned, can be submitted to Organize Sanayi Bölgesi 8.Cad No:5 Merkez/Sinop in written form or to the e-mail address of kvk@sinuwa.com.tr according to the “Communiqué on the Procedures and Principles of Application to the Data Controller.

An application form that you can use has been published on our website in order to inform you and provide convenience to you. Click here to view the related form.

General Information Text about Security Cameras in

Sinuwa Döküm San. ve Tic. Ltd. Şti. Service Area

This information text is provided Sinuwa Döküm San. ve Tic. Ltd. Şti. acting in the capacity of data controller, has been prepared for the purpose to inform you about the purposes of processing your personal data, legal reasons, collection methods, to whom it can be transferred and your rights under the PDPL, within the framework of Article 10 of the Protection of Personal Data Law.

Security cameras located outside of our service area, in the production area, warehouse-shipping area, cafeteria, security booth, maintenance and repair areas and outdoor factory areas are used to record images to ensure the security of our service area, and the recording process is supervised by the production planning unit and security units.

The personal data in question is processed in non-traditional ways as automatically based on the legal reason stated in Article 5 of the Law that “data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject”.

Article 20 of the Constitution states that everyone has the right to be informed about their own personal data. In Article 11 of the PDPL, the rights of the personal data owner within the scope of the law are listed.

Your requests within the scope of Article 11 of the Law regulating the rights of the person concerned, can be submitted to Organize Sanayi Bölgesi 8.Cad No:5 Merkez/Sinop in written form or to the e-mail address of kvk@sinuwa.com.tr according to the “Communiqué on the Procedures and Principles of Application to the Data Controller.

As Sinuwa Döküm San. ve Tic. Ltd. Şti. we are using cookies in order for you to use our website in the most efficient manner and for enhancing your user experience. If you do not prefer to use cookies, you can delete or block cookies from the settings of your browser or the detailed cookie removal explanation below. However, we would like to remind you that this may affect your use of our websites. We will assume that you agree to the use of cookies on our websites unless you change your Cookie settings from your browser. You can access the regulations regarding the collected data from the Information Text provided in our websites.

Our cookies are used to provide you with a personalized experience while using our websites, to improve our services and to improve your experience.

Cookies can be evaluated under different titles according to their usage purpose and method. Some of these topics are explained below;

Session Cookies: They are temporary cookies; they are deleted when you close your browser, so they are not permanent. They are used for the purposes of ensuring our websites’ and your security and continuity during your visits.

Persistent Cookies: They are kept in subfolders of your browser until your action or the time interval in the cookie expires. These cookies help our website recognize your information and preferences in your next visit.

First and Third-party Cookies: First party cookies are cookies used by our website. Third-party cookies are cookies that are set on your computer outside our website.

Mandatory Cookies: They are the anonymous cookies used for proper functioning of: www.sinuwa.com.tr websites, for serving its properties properly.

Functional and Analytical Cookies: Functional cookies to remember your preferences and enhance your browsing experience are used, as well as analytical cookies to see which pages attract more attention and which sources are displayed more, follow the traffic on our websites and provide services suitable for this traffic. These cookies are anonymous. Sinuwa uses session cookies, mandatory cookies, persistent cookies, and functional and analytical cookies in its website and/or websites or mobile web.

Cookies that are used by our websites, other than the mandatory and first-party ones, are:

Google Tag Manager: These cookies will enable us to analyze your website usage by assigning a unique and randomly generated ID to your device that allows us to recognize you on your next visit. Your information is sent to Google by your browser and processed by Google.

The user may remove persistent cookies and reject both session cookies and persistent cookies by following the instructions in the web browser’s “help” file or by visiting “www.allaboutcookies.org” or “www.youronlinechoices.eu.” If the user refuses permanent cookies or session cookies, he/she may continue to use the website or mobile web, but may not be able to access all functions of these channels or have limited access.

How to delete cookies?

Most cookies are easy to delete. Just select your browser and follow the instructions.

Chrome
1.Press the Ctrl + Shift + Delete keys on your keyboard.
2. Select a time interval.
3. Select the ‘Cookies and other site data’ checkbox.
4. Click the “Clear data” button.

Firefox

1. Press the Ctrl + Shift + Delete keys on your keyboard.
   2. Select a time interval to clear.
   3. Select the ‘Cookies’ checkbox.
   4. Click the “Clear now” button.

Safari

1. Select Preferences from the Safari menu.
   2. Go to the Privacy tab.
   3. Click on ‘Manage website data’.
   4. Click on ‘Remove All’.

Edge

1. Press the Ctrl + Shift + Delete keys on your keyboard.
   2. Select the ‘Cookies and saved website data’ checkbox.
   3. Click the “Clear” button.

Internet Explorer

1. Press the Ctrl + Shift + Delete keys on your keyboard.
   2. Select the ‘Cookies and website data’ checkbox.
   3. Click the “Delete” buton.

SİNUWA

APPLICATION FORM TO DATA CONTROLLER

1. General Remarks

Personal data owners (“Applicant”) defined as the person concerned in the Law on Personal Data Protection No. 6698 (“ The PDPL”) are granted the right to make certain requests regarding the processing of their personal data in accordance with Article 11 of the PDPL.

Application form is prepared for determining your relation with Sinuwa Döküm San. ve Tic. Ltd. Şti. (“Sinuwa”) and to respond to your relevant application accurately and within the legal period by fully determining your personal data processed by Sinuwa, if any. In order to ensure the security of your personal data and to prevent illegal data transfer, additional information may be requested by Kaya-pen for identification and authorization determination. In the event that the information specified by the Applicant is not accurate and / or up-to-date or the requests are unauthorized, the applicant is responsible for this issue.

In accordance with Article 7 of the Communiqué on the Rules and Principles for Applying to the Data Controller, if the applicant’s application is to be answered in writing, no fee is charged up to ten pages. 1 Turkish Lira process fee for each page over ten pages may be taken. If the answer to the application is given in a recording medium such as CD or flash memory, a fee may be charged as much as the cost of the recording medium.

2. The Scope of the Application Right Under Article 11 of PDPL

The applicant can apply to Sinuwa and make a request on the following issues:

1) Learning whether the personal data have been processed or not,

2) Request information if her/his personal data has been processed,

 3) Learning the purpose of processing of the personal data and whether data are used in accordance with their purpose,

4) Learning the third parties inside and outside the country to whom the personal data are transferred,

5) To request rectification in case your personal data has been processed incompletely or inaccurately and to request notification of the transaction made within this context to third parties to whom your personal data has been transferred,

6) To request deletion, destruction or anonymization of personal data in case the reasons that require processing have been eliminated despite the fact that it has been processed in accordance with the PDPL and other relevant legal provisions and to request notification to the third parties to whom personal data has been transferred,

7) To object to any application response against him/her, resulting from the analysis of processed data exclusively by the automatic systems,

8) To claim compensation in case of suffering loss due to illegal processing of the personal data.

3. Application Method

Pursuant to Article 13 paragraph 1 of the PDPL, data subject shall lodge an application about these rights in writing and with signature, or via other methods specified by Personal Data Protection Authority (the “Authority”).

In this regard, the applications may be sent to us with printing out this form;

• By the application of the Applicant in person,
• Through a notary public,
• Registered electronic mail (REM) address, secure electronic signature, mobile signature, or
• With e-mail to be sent to us through the electronic mail that the Applicant notified us in advance and that is recorded in our system.

The below sections provide information on the ways to send us written applications.

Sinuwa will be able to request additional information and take necessary measures in order to verify the identity of the Applicant for applications made by the Applicant via e-mail.

In accordance with the second paragraph of Article 13 of the PDPL, your applications submitted to us will be answered in writing or electronically within thirty days from the date of notification or receipt of your request, depending on the nature of the request.

4. Your Identity and Contact Information
5. Applicant Contact Information

1. Please indicate your relationship with Sinuwa. (visitor, customer, business partner employee, employee candidate, former employee, third party company employee, shareholder, etc.

5. Request Subject

Please specify in detail your request under the PDPL:

Applicant

Name Surname:

Signature (if written application):

You can download the form as pdf from the link below.

SİNUWA-Veri-Sorumlusuna-Basvuru-Formu.pdf