The Law on the Protection of Personal Data
We intend to inform you about your personal data processed by VLE Elektronik Otomotiv Sanayi ve Ticaret Anonim Şirketi (“VLE Elektronik” or the “Company”)by means of this present Disclosure pursuant to article 10 entitled “Disclosure Obligation of Data Controller” of the Law on the Protection of Personal Data no. 6698 (“KVKK”) published at the Official Gazette dated 7 April 2016 and no. 29677 which aims protection of basic rights and freedoms of persons in processing personal data, in particular the right to privacy as well as the Communiqué About Principles and Procedures to be Followed in Fulfillment of Disclosure Obligation published at the Official Gazette dated 10 March 2018 and no. 30356.
- Protecting the confidentiality, integrity and accessibility of all information assets within the scope against ever-growing internal and external threats by carrying out risk assessments,
- Compliance with Information Security requirements of the organization and our stakeholders (customer, supplier, government agencies) and conditions arising from laws, regulations, circulars, contracts, standards and sectoral requirements,
- Provision of all necessary resources (infrastructure, process and personnel) for the Information Security Management System (ISMS),
- Ensuring the confidentiality of the information produced and / or used in the scope of ISMS, regardless of whether the corporate and personal information belongs to third parties,
- Improving technical and behavioral competencies in order to raise the awareness of all employees about information security and providing necessary trainings to contribute to the effectiveness of ISMS,
- Taking measures to prevent repetition of real or suspected violations of information security, and ensuring that all employees are fully compliant with the issues covered by the ISMS,
- Supporting and ensuring continuous improvement of the targeted outputs of the Information Security Management System.
In the field of Information Security, we strive to be a pioneer in our sector by managing above activities in an integrated manner with all other management systems implemented within the scope of our organization.
1. IDENTITY OF DATA CONTROLLER
VLE Elektronik has the capacity of “Data Controller” under the KVKK as well as applicable regulations; you can contact us via the following contact details.
Address: TOSB - TAYSAD Organize Sanayi Bölgesi 2. Cadde No: 12, 41420 Çayırova, Kocaeli
Telephone: (262) 781 81 18
Fax: (262) 781 81 19
2. PERSONAL DATA PROCESSED
Personal data below are processed under your relationship with the VLE Elektronik;
- Your ID details: Name, last name, place of birth, ate of birth, age, photograph, ID card, ID number.
- Your Contact Details: Workplace address, home address, e-mail, telephone, mobile, domicile, address registration system records.
- Your financial data: Bank account number, IBAN number, account activities.
- Data regarding security of the Company campus: CCTV footage, visitor logs, footage of entry & exit to bank facilities.
- Data regarding cyber security: User names, passcodes, audit trails, IP address, WEB page access logs, notifications as well as other data and their logs that may concern security of corporate cyber space.
- Data that may concern audits and inspections: audit and inspection records, audit and inspection reports, information regarding reviews performed for the purpose of audit and inspections as well as data concerning other audit and inspections.
3. PURPOSE OF PROCESSING PERSONAL DATA
Your personal data obtained under your relationship with the VLE Elektronik are processed for the following purposes;
- Executing course of customer knowing,
- Managing receipt of offer, product or service and courses of contract,
- Executing course of invoicing and document issuing and sharing data under such course with VLE Elektronik group companies and support service provider firm,
- Using photographs and videos shot during events at social media,
- Trainings given from the Company or through training organisations contracted out of the Company to Company employees, supplier employees, supplier officials / partners for the purpose of carrying out in-house orientation and career/talent development activities,
- Course of receiving service support under Contract and filling service reports out,
- Course of ensuring security at entry into & exit out of the Company.
4. TRANSFERRING PERSONAL DATA PROCESSED
VLE Elektronik, based on authorizations held under legal regulations, can transfer personal data in possession of VLE Elektronik for the purpose of providing service to Suppliers, Customers and their representatives/officials for improving such services to; domestic/ international persons, agencies and/ or organisations, required/authorized by legal regulations, our agents, custodian organisations, including but not limited to public legal persons authorized to obtain personal data, our related parties (parent company, subsidiaries of parent company, affiliates of parent company) program partner agencies, organisations from whom we receive service, collaborate in order to execute our operations, domestic/international intermediary institutions (banks and intermediary institutions) and other domestic/international third parties.
5. METHODS AND LEGAL REASONS OF COLLECTING PERSONAL DATA
VLE Elektronik collects, stores and processes your personal data during establishment of legal relationship with Company and throughout continuance of such relationship from you, third parties and legal authorities through the internet, telephone, e-mail and from physical, written, verbal and electronic media within the above-mentioned purposes based on reasons for compliance with the law listed at provisions of articles 5, 6 and 8 of the law.
- Your explicit consent,
- Explicitly envisaged at legislation the Company is subject to,
- Complying with principles and procedures at national and international area regarding knowing customers, following obligation of storing, reporting information, informing envisaged by legislation and official authorities,
- Provided that it is directly related to conclusion or performance of a contract, processing personal data of contracting parties is necessary, being able to offer products and services in demand and fulfilling requirement of contracts you made,
- It is mandatory for fulfilling legal obligation,
- It was made public by relevant person himself,
- Processing data is mandatory for establishment, use or protection of any right,
- Provided that basic rights and freedoms of relevant person are not damaged, processing data is mandatory for legitimate interest of controller.
Your private personal data are collected, stored and processed based on reasons for compliance with the law:
- Your explicit consent,
- Personal data other than health, in case of incidents envisaged by laws without requiring explicit consent,
- Personal data related to health only by persons or authorized agencies and organisations under confidentiality obligation only for the purpose of protecting public health, execution of preventive medicine, medical diagnosis, treatment and nursing services, planning and managing healthcare services as well as their funding without requiring explicit consent.
6. RIGHTS OF A PERSON WHOSE PERSONAL DATA ARE PROCESSED
Pursuant to provisions of article 11 of the Law, you have the following rights in connection with your personal data.
- Learning whether your personal data are processed,
- If personal data are processed, requesting information regarding this,
- Learning purpose of processing personal data and whether these are used in compliance with the purpose,
- Knowing third parties to whom personal data are transferred at home or abroad,
- In the event personal data are processed incomplete or incorrect, asking correction of the same,
- Asking removal or destruction of personal data,
- In the event personal data are corrected, removed or destroyed, asking that such actions are notified to third parties to whom personal data are transferred,
- Disputing emergence of a conclusion against the person himself through analysis of data processed exclusively through automated systems,
- In the event of incurring loss because of processing personal data unlawfully, requesting reimbursement of loss.
7. IF YOU WISH TO CONTACT US FOR YOUR RIGHTS AND REQUESTS
Pursuant to your legal rights envisaged under applicable law and other legislation, you may deliver your requests with a petition by hand; submit through a notary public to our above-written address. In addition to this, pursuant to article 5 of “Communiqué About Principles and Procedures of Application to Data Controller” you can communicate by using registered electronic mail (KEP) address [firstname.lastname@example.org ].
Applications to be filed in this scope will be admitted following identity authentication to be performed by us; your requests will be concluded as soon as possible according to quality of request and no later than 30 days. In the event of written response to application, you will not be charged until 10 pages, 1 Turkish Lira of transaction fee can be charged for every page over 10 pages. In the event, response is given to application in a recording medium like CD, flash drive; cost of recording medium can be charged.