Scroll Top
Yakuplu Mahallesi Akik sokak No 102 İç kapı No 110 Beylikdüzü / İstanbul
444 3 659
0(212) 422 11 44
info@ozyildirim.com.tr

PDPL

PDPL

PERSONAL DATA RETENTION AND DISPOSAL POLICY

 

  1.  Purpose :As Öz Yıldırım Group, our priority is to ensure that the personal data of all individuals, including our customers, visitors, suppliers, and employees, are processed in compliance with the Turkish Constitution, international human rights agreements to which our country is a party, and the relevant legislation, particularly the Law on the Protection of Personal Data No. 6698 (“KVKK”). We are committed to ensuring that individuals whose data is processed can exercise their rights effectively. This policy is implemented to regulate the processing, storage, and transfer of all personal data acquired during our activities, ensuring the protection of fundamental rights and freedoms, particularly the right to privacy. It also establishes the obligations and procedural rules for real and legal persons processing personal data.

  2.  Scope
    This policy covers all personal data processed by Öz Yıldırım Group, either wholly or partially by automated means or non-automated means as part of a data recording system, relating to identifiable or identifiable real persons. This includes data from our customers, visitors, business partners, employees, suppliers, and third parties.

    Our policy applies to all personal data processing activities conducted by Öz Yıldırım Group and is prepared in accordance with KVKK, relevant legislation, and international standards on personal data protection.

     

  3.  Definitions and Abbreviations
    3.1. KVKK (Law on the Protection of Personal Data)
    The Law on the Protection of Personal Data, published in the Official Gazette on April 7, 2016, under issue number 29677.

    3.2. Personal Data
    Any data that identifies or can be used to identify a real person. This includes individually recorded and processed data such as:

    Identification numbers (e.g., TCKN, IP address, name, surname, contact details—mobile phone, home phone, address, etc.),
    Reports related to an identifiable individual (e.g., customer complaint reports, employee performance evaluation reports, interview assessment reports),
    Records (e.g., audio or video recordings, images, user transaction logs),
    Documents (e.g., resumes, payrolls, invoices, bank statements, credit card statements, photocopies of identification cards),
    Written materials (e.g., letters, invitation letters).
    3.3. Special Categories of Personal Data
    Data that, if processed, poses a risk of discrimination against the data subject and therefore requires stricter protection. As per Article 6 of KVKK, special categories of personal data include:

    Race, ethnic origin, political opinion, philosophical beliefs, religion, sect or other beliefs,
    Appearance and clothing,
    Membership in associations, foundations, or trade unions,
    Health information, sexual life,
    Criminal convictions and security measures,
    Biometric and genetic data.
    3.4. Personal Health Data
    All health-related data concerning an identifiable individual, such as:

    Test results,
    Medical history,
    Medications used.
    Personal health data falls under the category of special personal data.
    3.5. Processing of Personal Data
    Any operation performed on personal data, whether automated or manual, including but not limited to:

    Collection, recording, storage, retention,
    Modification, rearrangement, disclosure, transfer,
    Making data available, classification, or restriction of use.
    3.6. Employee
    Refers to the personnel of Öz Yıldırım Group.

    3.7. Data Processor
    A real or legal person authorized to process personal data on behalf of the data controller.

    3.8. Data Controller
    A real or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system. Under KVKK, the “Data Controller” is Öz Yıldırım Group.

    3.9. Service Provider
    Refers to the personnel of companies from which Öz Yıldırım Group receives or provides services (e.g., suppliers, subcontractors, customers).

    3.10. Data Subject (Personal Data Owner)
    A real person whose personal data is processed.

    4. Roles and Responsibilities
    4.1. Board of Directors
    Responsible for overseeing compliance with this policy, rules, and regulations.
    Ensures the establishment, publication, updating, and, when necessary, termination of this policy.
    Defines notification, investigation, and enforcement mechanisms in case of non-compliance.
    4.2. Employee Responsibilities
    Employees are responsible for:

    Adhering to the policies, regulations, and procedures of Öz Yıldırım Group,
    Ensuring compliance with applicable legislation,
    Reporting any violations, non-compliant activities, or practices to the Human Resources department.
    4.3. External Service Providers and Business Partners
    Must comply with the principles of this policy and other relevant regulations.
    Any party that fails to comply will have their cooperation terminated.
    Subcontractors, suppliers, customers, joint ventures, and other partners are expected to respect human rights while conducting business.
    Regular audits will be conducted to ensure compliance with this policy and related legislation.

    5. Legal Obligations
    5.1. Our Obligation to Inform As a data controller, when collecting personal data, we are obliged to inform the data subject about:

    The purpose of processing personal data,
    Our identity and, if applicable, the identity of our representative,
    The recipients to whom the processed personal data may be transferred and the purposes of such transfers,
    The method and legal basis for collecting data,
    The rights arising from the law.
    5.2. Our Obligation to Ensure Data Security
    As a data controller, we take administrative and technical measures as required by law to ensure the security of personal data. The obligations and measures related to data security are detailed in Sections 9 and 10 of this Policy.

    6. Classification of Personal Data
    6.1. Personal Data
    Personal data refers to any information related to an identifiable or identified real person.

    The protection of personal data applies only to real persons.
    Data related to legal entities that do not contain personal information is not considered personal data.
    Therefore, this policy does not apply to data belonging to legal entities.
    6.2. Special Categories of Personal Data
    Special categories of personal data include:

    Race, ethnic origin, political opinions, philosophical beliefs, religion, sect, or other beliefs,
    Appearance and clothing,
    Membership in associations, foundations, or trade unions,
    Health information, sexual life,
    Criminal convictions and security measures,
    Biometric and genetic data.
    7. Processing of Personal Data
    7.1. Principles of Processing Personal Data
    We process personal data in accordance with the following principles:

    7.1.1. Processing in Compliance with the Law and Good Faith
    We process personal data transparently, in accordance with the principles of good faith, and in compliance with our obligation to inform data subjects.

    7.1.2. Ensuring Data Accuracy and Updating When Necessary
    We take necessary measures to ensure that the processed data is accurate and up-to-date. The data subject is also given the opportunity to update their data and correct any errors.

    7.1.3. Processing for Specific, Clear, and Legitimate Purposes
    As a company, we process personal data only within the scope of clearly defined and legitimate purposes that align with legal regulations and the ordinary course of business.

    7.1.4. Processing Data in a Manner Relevant, Limited, and Proportionate to Its Purpose
    We process personal data only to the extent necessary for specific and explicit purposes.
    We avoid processing personal data that is irrelevant or unnecessary.
    Special categories of personal data are processed only with explicit consent or when legally required.
    7.1.5. Retention of Personal Data for Legal or Legitimate Business Interests
    Various legal regulations require personal data to be retained for specific periods.
    We retain personal data only for the duration specified by law or necessary for its intended purpose.
    Once the retention period expires or the processing purpose ceases to exist, we delete, destroy, or anonymize the data.
    The principles and procedures for data retention periods are detailed in Section 9.1 of this Policy.
    7.2. Methods of Collecting Personal Data
    Personal data may be collected through various channels, including:

    Physical locations: Company headquarters, branches, agencies, sales offices, or other physical locations of Öz Yıldırım Group and its business partners.
    Electronic channels: Websites, mobile applications, electronic transaction platforms, and other public media.
    Communication tools: Call centers, social media platforms, email, SMS, MMS, or other digital communication methods.
    Investigations and agreements: Through legal inquiries, business partnerships, and third-party service providers.
    In accordance with KVKK, personal data may be collected automatically or manually through written, verbal, visual, or electronic means.

    7.3. Purposes of Processing Personal Data
    We primarily process personal data based on explicit consent. However, KVKK allows for exceptions where personal data may be processed without explicit consent (Article 5.2 and Article 6.3).

    Personal data may be processed in the following situations:

    Fulfilling legal obligations
    Providing ordered or purchased products and services
    Conducting sales transactions in Öz Yıldırım Group offices
    Managing returns, deliveries, and service requests
    Responding to questions and complaints
    Establishing or fulfilling a contract
    Protecting or exercising legal rights
    Enhancing service quality and ensuring operational efficiency
    Additionally, personal data disclosed by the data subject in public domains (e.g., social media) may be processed without additional consent within the scope allowed by KVKK.

    With explicit consent, personal data may also be processed for:

    Conducting business operations,
    Providing customer support and service improvements,
    Customizing services based on user preferences,
    Complying with legal and regulatory requirements,
    Conducting marketing and advertising activities,
    Personalizing internet advertising and promotional campaigns,
    Conducting market research and statistical analysis,
    Managing surveys, contests, promotions, and sponsorships,
    Sending newsletters, updates, and corporate announcements,
    Managing recruitment and employment processes,
    Managing supplier and business partner relationships.
    7.4. Processing of Special Categories of Personal Data
    Special categories of personal data are processed under strict administrative and technical security measures, either with explicit consent or as required by law.

    Health and sexual life-related data are processed only by authorized professionals subject to confidentiality obligations, solely for public health, medical diagnosis, treatment, and healthcare service management.
    Öz Yıldırım Group does not process such data outside the scope of employee-related obligations.
    7.5. Processing of Personal Data for Employment and HR Purposes
    During job applications, the following personal data may be collected and processed:

    Resumes, diplomas, and related documents,
    Identity and contact information,
    Social media and professional networking information,
    Professional experience and references.
    This data may be shared with the relevant department managers if necessary.
    If a job application is unsuccessful, the responsibility for further processing and security of the applicant’s data rests with the employer.

    7.6. Processing of Employee Data
    Personal data of employees is processed separately under the Öz Yıldırım Group Human Resources Policy and is subject to the same security and confidentiality principles.

    7.7. Job Applications via Öz Yıldırım Group Website
    Personal data collected through online job application forms includes:

    Identity information (name, surname, birthdate, national ID number),
    Contact details (address, email, phone number),
    Education history,
    Work experience,
    Language skills and certifications,
    References.
    Depending on the job requirements, health data may also be requested, but it will only be processed for employment purposes.

    7.8. Exceptions Where Explicit Consent is Not Required
    Personal data may be processed without explicit consent in the following cases:

    If required by law,
    If necessary to fulfill a contract,
    If necessary to establish, exercise, or protect legal rights,
    If processing is required for legitimate business interests, provided that it does not infringe upon fundamental rights and freedoms.
    Special categories of personal data may only be processed without consent in cases outlined in Section 7.3 of this policy.

    8. Transfer of Personal Data


    8.1. Transfer of Personal Data
    As Öz Yıldırım Group, we handle the transfer of personal data in accordance with the provisions of the KVKK (Law on the Protection of Personal Data) and the decisions and regulations set by the Personal Data Protection Board.

    Unless there are legal exceptions, personal data and special categories of personal data will not be transferred to other individuals or entities without the explicit consent of the data subject.
    In exceptional cases defined by the KVKK and other applicable laws, personal data may be transferred to legally authorized administrative or judicial institutions without explicit consent but within the legal limits.
    Sensitive personal data related to health and sexual life may be transferred without consent only for purposes such as public health protection, preventive medicine, medical diagnosis, treatment, and healthcare service management, and only by persons or institutions bound by confidentiality obligations.
    8.2. Institutions and Organizations to Which Personal Data May Be Transferred
    Personal data may be transferred to the following entities while ensuring compliance with KVKK and relevant regulations:

    Suppliers,
    Business partners and affiliates,
    Corporate group companies,
    Legally authorized public institutions and organizations,
    Legally authorized private legal entities,
    Shareholders.
    These transfers will always comply with the principles and rules outlined in this policy.

    8.3. Measures Taken for the Lawful Transfer of Personal Data
    As Öz Yıldırım Group, we are committed to protecting personal data in all of our activities. This includes:

    Adhering to fundamental human rights as outlined in the Turkish Constitution and international agreements,
    Ensuring all personal data transfers are lawful, fair, and transparent,
    Implementing administrative and technical measures to safeguard data security.
    Öz Yıldırım Group reserves the right to update this policy in accordance with any future amendments to KVKK or changes introduced by the Personal Data Protection Authority.

    9. Cookie Policy
    9.1. What Are Cookies?
    Cookies are small text files stored on network-connected devices via browsers when you visit websites. Öz Yıldırım Group and third parties may use cookies on our websites as described in this policy.

    9.2. Why Do We Use Cookies?
    We use cookies for the following purposes:

    Enhancing your browsing experience by improving the functionality and usability of our websites,
    Recognizing you on your next visit and personalizing website content based on your interests,
    Targeting and re-targeting ads based on user preferences,
    Providing customized marketing offers, including promotions, discounts, and recommendations,
    Generating website traffic statistics,
    Determining how users find our websites and analyzing user interactions.
    9.3. Types of Cookies We Use
    For more details about the cookies used on our websites, please click here.

    9.4. Managing Cookies in Your Browser
    Web browsers are generally set to accept cookies by default. However, users can change their browser settings to disable cookies.

    Important Note: If you disable cookies, certain website functionalities may not work properly.
    For more information on cookie settings in different browsers, visit:

As a reminder, by disabling cookies through your internet browser, you will also disable all cookies, including those necessary for the proper functioning of our websites.