Clarification Text
![](https://www.derluks.com.tr/wp-content/uploads/subheader.jpg)
CLARIFICATION TEXT ON THE PROTECTION AND PROCESSING OF PERSONAL DATA
As Derlüks Yatırım Holding and Group Companies; importance is given to the confidentiality and security of your personal data and the principles of securing the fundamental rights and freedoms guaranteed by the Constitution, especially the privacy of private life, are observed with the utmost sensitivity.
In accordance with the Personal Data Protection Law No. 6698, all kinds of information and documents including your personal data (name, surname, TR No, address, place of birth, date of birth, etc.) and again all your private data (health information, biometric and genetic information, clothing, association, foundation, union membership, criminal conviction, data on security measures, religious, ethnic, etc. all kinds of data) can be processed, recorded, stored, updated and stored in order to continue the services, transferred to third parties, shared and anonymized in accordance with the regulations in the relevant law by Derlüks Yatırım Holding and Group Companies as a data controller.
In this context, Derlüks Yatırım Holding and Group Companies take all necessary administrative and technical measures to protect the personal data processed in accordance with the relevant laws and regulations. Pursuant to the Law on the Protection of Personal Data No. 6698 (“Law”), personal data are processed in accordance with the law and the rule of honesty, the accuracy of the data is ensured and updated when necessary. We pay attention to processing the data for specific, explicit and legitimate purposes, to processing in connection with the purpose for which they are processed, limited and measured processing, to preserving them for the period stipulated in the relevant legislation or for the period required for the purpose for which they are processed.
In case the processed data is personal data of special nature as defined in the Law; personal data other than health and sexual life can be processed without the explicit consent of the person concerned, in cases stipulated by law. Personal data on health and sexual life can only be processed by persons under confidentiality obligation or authorized institutions and organizations, without the explicit consent of the person concerned, for protection of public health, preventive medicine, medical diagnosis, treatment and for the purpose of carrying out care services, planning, managing and financing healthcare services.
A. Purposes and Legal Reasons for Processing Personal Data
Your personal data are processed in order to be used in the necessary processes, for the fulfilment, sustainability, execution, development of our activities in accordance with all information documents, all relevant laws and regulations, promotion, campaigns and similar activities for services and activities, invitation, notification of new applications, fulfilment of the requirements of the contracts made or to be made, planning, statistics, conducting satisfaction surveys, ensuring security, e-mails, e-newsletter subscriptions, social media posts, printed forms filled in organized events, during the face-to-face interview with the candidates or written application form, personal data collected in recruitment processes and special quality personal data collected according to the nature of the job, in case they send their resumes by e-mail, cargo, and similar methods, or through means such as consultancy firms or telephone, and due to the control and researches that provide the confirmation of the information transmitted by the candidate, maintaining the legal and commercial security of persons in business relationships, determining and implementing legal and financial affairs and similar commercial and business strategies, human resources, execution of accounting policies, physical security and supervision, compliance with domestic and international legislation, information transfer required by public institutions or other authorities, compliance with storage and reporting obligations, to provide better and more reliable service to you, and uninterrupted continuity, are processed within the conditions and purposes specified in Articles 5 and 6 of the Law.
B. Storage Period of Personal Data
Derlüks Yatırım Holding and Group Companies store personal data only for the period specified in the relevant legislation or required for the purpose for which they are processed. In this context, it first determines whether a period is stipulated for the storage of personal data in the relevant legislation, if a period is specified, it acts in accordance with this period, if a period is not determined, it stores the personal data for the period required for the purpose for which they are processed.
Personal data are deleted, destroyed or anonymized in the event of the expiration of the period or the disappearance of the reasons for processing.
C. Collection Method of Personal Data
Your Personal Data may be collected verbally, in writing or electronically through our website, social media channels, parties with whom we have a business relationship and/or receive services that complement our activities, contracted organizations and other similar channels, by automatic or non-automatic methods.
D. Transfer of Personal Data
Your Personal Data may be transferred to Company officers, shareholders, employees, business partners, service providers or third parties, legal, financial and tax consultants, auditors, consultants, institutions or individuals, authorities such as SGK, ministries, judicial authorities and/or all public institutions and organizations authorized by law and/or abroad within the framework of the conditions and purposes listed in Articles 8 and 9 of the Law for the fulfilment of objectives, strategy determination and implementation, human resources policies within the framework of Derlüks Yatırım Holding and Group Companies activities. In case of transfer abroad, personal data to be transferred is required to have adequate protection in foreign countries and in case of the absence of adequate protection, responsible officers should commit in writing for an adequate protection of data in Turkey and in the foreign countries and have the permission of the Personal Data Protection Authority on the matter.
E. Rights of Personal Data Owner in accordance with Article 11 of the Law
As a personal data owner, you have the right to request the following matters from Derlüks Yatırım Holding and Group Companies.
- To learn whether your personal data is processed,
- If your personal data has been processed, to request information regarding this,
- To learn the purpose of processing your personal data and whether they are used appropriately,
- To know the third parties to whom personal data are transferred domestically or abroad,
- To request correction of personal data in case of incomplete or incorrect processing
- To request correction of personal data in case of incomplete or incorrect processing and to inform the third parties to whom the personal data have been transferred,
- Although it has been processed in accordance with the provisions of the law and other relevant laws, in the event that the reasons for its processing disappear, to request the deletion or destruction of personal data and to notify the third parties to whom the personal data has been transferred,
- To object if your personal data is analyzed exclusively through automated systems and there is a consequence against you,
- To request the compensation of the damage in case you suffer any damage due to the processing of your personal data in violation of the relevant legislation,
- It is important for the information/data you share to be correct and to be kept up-to-date, to exercise the rights on the data in accordance with the Law and to other relevant legislation, and the liabilities arising from providing false information are entirely yours.
We reserve the right to demand from you the expenses we will incur to fulfil your requests, according to the tariff set out in Article 13 of the Law entitled Application to Data Controller.
F. Situations Where Personal Data Can Be Processed Without Requiring Explicit Consent Of The Relevant Person In Accordance With The Law
- It is expressly provided for by the laws.
- It is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to explain his/her consent due to the physical disability or whose consent is not deemed legally valid.
- Processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract.
- It is necessary for compliance with a legal obligation to which the data controller is subject.
- Personal data have been made public by the data subject himself/herself.
- Data processing is necessary for the establishment, exercise or protection of any right.
- Processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
G. Principles Specified in the Law on Protection and Processing of Personal Data
Derlüks Yatırım Holding and Group Companies act in accordance with the Constitution, general principles in the Law and other relevant legislation regarding the protection and processing of personal data; in addition, it complies with the following principles with great importance and thoroughness:
- Compliance of personal data processing activities with the lawfulness and fairness.
- Personal data being accurate and kept up to date where necessary.
- Personal data being processed for specified, explicit and legitimate purposes.
- Being relevant, limited and proportionate to the purposes for which they are processed.
- Being stored for the period laid down by relevant legislation or the period required for the purpose for which the personal data are processed.
H. Methods of Using the Rights of Personal Data Owners/Application Method
In case the relevant person requests information on the issues stated in the article E. above, the application will be answered within thirty days at the latest after the written application to our institution as data controller.
If the process requires an additional cost, we reserve the right to charge the fees in the tariff determined by the Personal Data Protection Authority