+90 (262) 751 36 72 speedol@speedol.com.tr

Type the word you want to search

To give up, press ESC on your keyboard or click the cross.

Personal Data Processing and Protection Policy

KOCAK PETROL URUNLERI SAN. VE TIC. LTD. STI.

PERSONAL DATA PROCESSING AND PROTECTION POLICY

SECTION 1

1.1 Input

As KOCAK PETROL URUNLERI SAN. VE TIC. LTD. STI. ("the Company"), we attach utmost importance to the lawful processing and protection of personal data in accordance with the Law No. 6698 on the Protection of Personal Data ("the Law") and act with this diligence in all our planning and activities.

1.2. Purpose of the Policy

The primary purpose of this Policy is to provide explanations regarding systems for processing and protecting personal data in accordance with the law and the purpose of the Law.

1.3. Scope of the Policy and Data Subjects

This policy applies to all natural persons whose personal data is processed, whether automatically or non-automatically. It does not apply to legal entities.

1.4. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Special Category Personal Data: Sensitive information such as race, health, religious beliefs, and criminal history.
  • Processing of Personal Data: Operations such as acquiring, storing, modifying, transferring, and deleting.
  • Data Controller: This person determines why and how data will be processed.
  • Data Processor: A data processor is a natural or legal person authorized by the data controller.
  • Explicit Consent: Informed and freely given consent.

1.5. Implementation of the Policy

This policy came into effect on January 1, 2020, and is published on the website. It will be updated and republished as needed.

SECTION 2 – PROCESSING AND TRANSFER OF PERSONAL DATA

2.1. General Principles

  • Acting in accordance with the law and the principle of fairness,
  • Processing accurate and up-to-date data,
  • Processing for specific, explicit and legitimate purposes,
  • Purposeful, limited and proportionate processing,
  • Do not store for longer than necessary.

2.2. Processing Conditions

  • Obtaining explicit consent,
  • It must be explicitly stated in the laws.
  • Necessity due to practical impossibility,
  • Contract requirements,
  • Legal obligation,
  • Making a person public,
  • Establishment or protection of a right,
  • Legitimate interests.

2.3. Processing of Special Categories of Data

Special categories of personal data, excluding health and sexual life data, may be processed without explicit consent in cases stipulated by law. Health data, however, may be processed for reasons such as public health.

2.4. Transfer Terms

Data will not be transferred to third parties within the country without the explicit consent of the data subject; however, it may be transferred if the above conditions are met.

2.4.1. Transfer abroad

Transfers abroad may be made to countries with adequate protection or with the permission of the Board.

2.5. Transfer of Special Category Data

Domestic and international transfers can be made if there is explicit consent or a legal basis. Necessary administrative and technical measures will be taken.

SECTION 3 – PURPOSES OF PROCESSING AND TRANSFERRING PERSONAL DATA, AND TO WHOM IT WILL BE TRANSFERRED

3.1. Purposes of Processing and Transferring Personal Data

Personal data is processed in connection with the following activities of the Company, based on Articles 5 and 6 of the Law:

  • Ensuring the security of movable property and resources,
  • Implementing information security processes,
  • Managing the application processes for job applicants,
  • Managing employee benefits and advantages processes,
  • Managing finance and accounting operations,
  • Ensuring physical security of the premises,
  • Following and managing legal affairs,
  • Conducting internal audit and investigation activities,
  • Conducting and supervising business activities,
  • Business continuity activities,
  • Execution of logistics activities,
  • Execution of goods/services sales and production processes,
  • Tracking requests and complaints,
  • Fulfilling employment contract and legal obligations for employees,
  • Execution of customer relationship management processes.

Processing activities are based on the legal processing conditions stipulated in the relevant law, and if explicit consent is required, that explicit consent is obtained.

3.2. Persons to Whom Personal Data Will Be Transferred

Personal data may be shared with the following individuals and organizations for the purposes stated above:

  • Our business partners,
  • Our suppliers,
  • Natural persons or private legal entities,
  • Authorized public institutions and organizations.

Data may be shared with third parties when necessary to ensure the complete provision of the service. Furthermore, data may be shared in accordance with legal obligations and requests from judicial/administrative authorities.

SECTION 4 – METHOD OF COLLECTING PERSONAL DATA AND LEGAL BASIS

The company collects personal data in accordance with Articles 1 and 2 of Law No. 6698; verbally, in writing or electronically, through various methods. These methods may include the following:

  • Points of sale, call centers, websites, mobile applications, social media accounts, digital forms, printed forms, camera systems, visitor entry records, email, and similar methods,
  • Automatic and non-automatic methods, through documents obtained directly from individuals or third parties,
  • Through job application forms, employment contracts, proposal forms, surveys, registration forms, and other commercial documents.

Data is collected and processed by the Company or data processors acting on behalf of the Company in accordance with the purposes stated in Article 3.1 of this Policy and the processing conditions specified in Articles 2.2 and 2.3 of the Law.

SECTION 5 – DELETION, DESTRUCTION, ANONYMIZATION, AND STORAGE PERIOD OF PERSONAL DATA

5.1. Retention Period

Our company retains personal data for the period stipulated in the relevant legislation or required by the processing purposes. After these periods expire, personal data is deleted, destroyed, or anonymized.

5.2. Methods of Deletion, Deletion, and Anonymization

Personal data is destroyed using the following methods:

  • Deletion: This is the process of making data inaccessible to the relevant users.
  • Obliteration: Data is the irretrievable physical or digital destruction of data.
  • Anonymization: Data is processed in a way that makes it impossible to link it to an identified or identifiable person.

These processes are carried out and recorded in accordance with the Company's data retention and destruction policies.

SECTION 6 – DATA SUBJECTS' RIGHTS (PDPL Article 11)

Data subjects have the right to apply to our Company and request the following regarding themselves:

  • Whether their personal data is being processed,
  • Information regarding the processing of their personal data if it has been processed,
  • The purpose of the processing of their personal data and whether it is being used in accordance with its purpose,
  • The right to know the third parties to whom their personal data has been transferred, domestically or internationally,
  • The right to request the correction of their personal data if it is incomplete or inaccurate,
  • The right to request the deletion or destruction of their personal data in accordance with Article 7 of the Personal Data Protection Law,
  • The right to request that the actions taken in accordance with paragraphs (d) and (e) above be notified to the third parties to whom their personal data has been transferred,
  • The right to object to a result that is detrimental to them arising from the analysis of processed data exclusively through automated systems,
  • The right to demand compensation for damages incurred as a result of the unlawful processing of their personal data.

Applications must be submitted to our company in writing or through other methods determined by the Personal Data Protection Board.

SECTION 7 – APPLICATION PROCEDURE

Data subjects may submit their requests regarding the processing of their personal data in writing or through other methods determined by the Personal Data Protection Board.

Applications can be submitted using the following methods:

  • With a wet signature, either in person or through a notary public,
  • With a registered electronic mail (KEP) address,
  • By sending an email to speedol@speedol.com.tr using the email address registered in the company's system.

The request will be processed by the Company free of charge within a maximum of 30 (thirty) days. However, if the process requires additional costs, a fee may be charged according to the tariff determined by the Board.

SECTION 8 – ENTRY INTO FORCE AND UPDATING OF THE POLICY

This Policy entered into force on January 1, 2020. The Policy comes into effect upon publication on the Company's website. The Company may make changes to the Policy as it deems necessary.

The updated policy becomes effective on the date it is published on the website. Policy changes are effective from the date of their publication.