Information Text on the Protection of Personal Data (PDPL)
SUMMARY OF OUR DATA PROTECTION POLICY AND INFORMATION TEXT ON THE PROTECTION OF PERSONAL DATA
The main purpose of Law No. 6698 on the Protection of Personal Data ("Personal Data Protection Law," referred to as the "PDPL") is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and to regulate the principles and procedures to be followed by natural and legal persons processing personal data. In addition, according to the Constitution of the Republic of Turkey, everyone has the right to demand the protection of personal data related to themselves. In terms of the protection of personal data, which is a constitutional right, all the companies listed below are separately responsible, each referred to as the "Company" hereinafter. Although the legal entities of the Company are separate, they operate in the same business line at the same address and are subsidiaries of the same group company. Our companies continue their activities through a single website. In this context, the Information Text, Cookie Policy, and Application form have been jointly designed.
Each of the following companies holds the title of Data Controller and is extremely sensitive to the security of personal data. The content of the personal data policy implemented in our company and all processes related to the collection and processing of personal data are summarized below. This policy summary and information text aims to take the necessary care to protect the personal data of employees, employee candidates, company officials, visitors, customers, employees of the institutions we cooperate with, shareholders, officials, and third parties, and to make this a company policy. In this context, the necessary administrative and technical measures are taken by our company for the protection of personal data processed in accordance with the relevant legislation.
This information text includes a summary of the Personal Data Protection Policy created and implemented within our company.
You can obtain our detailed Personal Data Protection Policy from our company.
Definitions
- Relevant Person / Natural Person: The person to whom the personal data belongs,
- Recording Medium: Any medium containing personal data processed by entirely or partially automatic means or non-automatic means as part of any data recording system,
- Data Processor: The real or legal person who processes personal data on behalf of the data controller based on the authority given by him,
- Data Controller: The real or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system,
- Law No. 5651: The Law on the Regulation of Publications on the Internet and the Fight Against Crimes Committed Through These Publications,
- Law No. 6698/Personal Data Protection Law: The Law on the Protection of Personal Data.
1. Data Controller
In accordance with Law No. 6698 on the Protection of Personal Data, all the companies listed below are separately titled as "Data Controller," and you can reach our companies through the contact information provided below.
C: | STARKGEN ENERJİ JENERATÖR İMALAT SANAYİ VE TİCARET A.Ş. |
A: | Hanlı Sakarya, Satso Sokak No:33, 54580 Arifiye / Sakarya / Türkiye |
W: | www.starkgen.com |
T: | +90 264 295 83 00 |
Kep: | starkgenenerjijenerator.00merkezkamu@hs02.kep.tr |
*************************************************************************
C: | STARKGEN JENERATÖR PAZARLAMA VE TİCARET A.Ş. |
A: | Hürriyet Mah. Yakacık D100 Kuzey Yanyol No:49, D:1, 34876 Kartal / İstanbul / Türkiye |
W: | www.starkgen.com |
T: | +90 216 453 04 04 |
Kep: | starkgenjenerator.00merkezkamu@hs02.kep.tr |
2. Method of Personal Data Collection and Legal Basis
Your personal data is collected by our Company through various channels with the purpose of conducting our activities, based on legal reasons for compliance with laws, regulations, and Company policies. Your data is gathered verbally, in writing, and visually through different channels such as call centers, the internet, mobile applications, social media, public platforms, customer visits, events, customer satisfaction surveys, and similar activities. This includes activities during trade fairs, training events, and visits to our facilities. The legal basis for the collection of personal data is in accordance with the principles specified in the Law on the Protection of Personal Data (Personal Data Protection Law), and the conditions and purposes of personal data processing stated in Articles 5 and 6 of the law.
Your personal data is processed and may be transferred within the scope of the purposes specified in this Information Text, in accordance with the basic principles outlined in the Personal Data Protection Law. These purposes include:
- Fulfillment of our legal obligations to provide sales and after-sales warranty services to our customers,
- Compliance with legal obligations related to our employees according to labor and other laws and regulations,
- Fulfillment of legal obligations related to spare part availability and supply for the products and services we offer,
- Provision of technical support services to our customers during and after the warranty period,
- Explicit provisions in the applicable legislation for our companies,
- Necessity of processing personal data for the establishment or performance of a contract to which the data subject is a party,
- Obligation for the fulfillment of legal requirements,
- Explicit consent provided by the data subject for personal data processing,
- For special categories of personal data, processing based on explicit consent, exceptions stipulated in laws, and processing for the purposes of protection of public health or execution of healthcare services.
In addition to the above, explicit consent is obtained for personal data not covered by the mentioned purposes.
3. Principles of Personal Data Processing
The principles followed by our Company in the processing of personal data include:
- Informing and enlightening the data subjects,
- Establishing a system for data subjects to exercise their rights,
- Taking necessary technical and administrative measures for the storage of personal data,
- Processing personal data in accordance with the law and principles of fairness,
- Keeping personal data accurate and up-to-date when necessary,
- Processing personal data for specific, explicit, and legitimate purposes,
- Processing personal data in connection with the purpose of processing, limited and proportionate to the purpose,
- Complying with the relevant legislation and Personal Data Protection Board regulations when transferring personal data to third parties,
- Showing necessary sensitivity in the processing and protection of special categories of personal data,
- Retaining collected personal data for a period specified in the relevant legislation or as required by the purpose of processing.
4. Purpose of Personal Data Processing
Your personal data collected within the scope of your relationship with our Company may be processed for the following purposes, in accordance with Articles 5 and 6 of the Personal Data Protection Law:
- Explicit provisions in the legislation allowing the Company to engage in relevant activities,
- Fulfillment of legal obligations arising from contracts, contract management,
- Establishment of legal transactions and follow-up of legal processes,
- Planning and management of Corporate Governance and Corporate Communication activities,
- Management of investor and partnership relations,
- Necessary processing for the protection, use, or defense of the rights of our Company, you, or third parties,
- Planning and execution of corporate activities,
- Fulfillment of legal obligations for our Company,
- Responding to information requests from public authorities,
- Ensuring legal and commercial security,
- Planning, auditing, and executing information security processes,
- Legally compliant execution and follow-up of financial and/or accounting transactions,
- Ensuring facility and personnel security,
- Planning and execution of emergency management processes,
- Notification to law enforcement in case of crime or legal violation,
- Evaluation, response, and improvement activities regarding suggestions/requests/complaints submitted by customers through any channel,
- Execution of Human Resources processes and the conduct of our activities.
For processing activities not meeting any of the conditions stipulated in the Personal Data Protection Law, explicit consent is obtained from you by our Company.
5. Personal Data Acquisition and Processing
(1) Processing of Personal Data of Website Users (Online Visitors) and WIFI Service Users;
Users of our website may provide their personal information such as name, surname, email, message, sector, and the subject of the form through the contact address on starkgen.com by filling out a form or by sending it to our company's "info" email address in order to make requests and suggestions.
Users acknowledge that they share this personal data voluntarily and solely for the purpose of evaluating requests and suggestions directed by users. This personal data will only be processed for the evaluation of requests and suggestions directed by users.
In addition, "traffic information" consisting of the IP address of users visiting our website, the start and end time of the provided service, the type of service utilized, the amount of transferred data, and, if any, subscriber identity information, is processed in accordance with the Law No. 5651.
(You can review our detailed cookie policy on our website)
(2) Processing of Personal Data of Suppliers and Customers;
Personal data of real person suppliers, supplier employees, and/or supplier representatives is obtained and processed at a minimum level for the tracking and execution of our company's product, service, or goods supply processes.
Personal data of our customers, processed for the fulfillment of legal obligations arising from the product or service they have purchased (providing After Sales Technical support service, ensuring the supply and maintenance of spare parts) are processed at a minimum level.
Relevant data (Name-surname, phone, address, phone number, email address, technical information about the purchased product or service) are stored in CRM and ERP environments and company phones.
(3) Processing of Information about Our Company's Personnel;
These data belong to our company employees and, with the explicit consent of the employees, the minimum level of information required by the relevant law is obtained. These data are stored in personnel files, payroll programs, and common areas.
During the employment period, this information is available in the personnel file, and the information of separated employees is stored in accordance with the relevant law and then destroyed.
Upon the request of customers, the resumes of our employees are shared with customers for the purpose of continuing the commercial activities of the company, with the explicit consent obtained from the employee.
Personal data cannot be stored on devices such as phones, computers, and vehicles allocated to employees by our company. If the devices are returned, all information on the device is cleared, and any requests related to employee personal data are handled.
Personal data obtained from online applications for the purpose of working in our company are used only during the evaluation process and are destroyed afterward. For candidates invited for interviews, explicit consent is obtained for the retention of resume information for a certain period. Applications are filed and destroyed at the end of the period.
6. To Whom and For What Purpose Processed Personal Data Can Be Transferred;
Your collected personal data can be transferred where this is clearly envisaged by law or in the following cases:
For our customers, to fulfill the obligations arising from the product or service they have purchased, After Sales warranty processes of the purchased product or service are carried out by our technical services and authorized dealers, our business partners, group companies, affiliates, shareholders, and suppliers,
For our employees, to fulfill our obligations under the Labor Law, Occupational Health and Safety, and Environmental legislation, to SGK, banks, consulates for passport procedures, and other official institutions, with the explicit consent of the employee, to our customers;
To legally authorized public institutions, law enforcement forces, courts, enforcement offices;
Our company can store personal data of online and physical visitors in accordance with the legislation and can share it with relevant public institutions and organizations upon request.
Personal data related to suppliers may be shared with relevant public institutions if necessary in relation to the obtained goods, products, or services.
In accordance with the processing conditions and purposes of personal data specified in Articles 8 and 9 of the Personal Data Protection Law, personal data can be transferred in a limited manner by taking necessary security measures.
Your personal data will not be used for purposes other than those stated above and will not be shared or transferred to third parties except for legal obligations and official institutions/organizations.
7. Ensuring the Security and Confidentiality of Personal Data
Our company, in accordance with Article 12 of the Personal Data Protection Law, takes all necessary technical and administrative measures to prevent the unlawful processing of personal data and unauthorized access to personal data and to ensure the adequate level of security for the protection of personal data.
7.1 Technical Measures Taken to Ensure the Lawful Processing of Personal Data and to Prevent Unauthorized Access to Personal Data
- Technical measures are taken to the extent allowed by technology,
- Work is carried out with a team of experts in technical matters,
- Checks on the implementation of the measures taken are carried out at regular intervals,
- Software and infrastructure necessary for security are developed,
- Access to data processed within the company is monitored,
- Measures such as hash encryption, transaction records, access management, and physical security measures are taken to protect information systems containing personal data from unauthorized access and unlawful data processing,
- Backup processes are applied to ensure the secure storage of personal data,
- The website and all systems containing personal data are protected by a network firewall,
- Technological solutions are used to protect systems processing personal data from malicious software,
- Penetration and vulnerability tests are applied to all systems within our company, and continuous controls are maintained.
Our company has taken all technical, technological security measures to protect your personal data, and has protected your personal data against possible risks.
7.2 Administrative Measures Taken to Ensure the Lawful Processing of Personal Data and to Prevent Unauthorized Access to Personal Data
- Training and awareness-raising activities on the Personal Data Protection Law are carried out for company employees,
- Where personal data is transferred, contracts include provisions stating that the party receiving the personal data will ensure data security,
- What must be done to comply with the Personal Data Protection Law is identified, and internal policies are prepared for its application,
- Necessary measures are taken for physical access,
- Regular evaluation meetings are held to analyze the collected, processed, and transferred personal data and to ensure the destruction of all personal data that is no longer needed for processing purposes,
- Board meetings are held to make protective administrative decisions for all processes and personal data security, and these decisions are implemented,
- Budgets are created and investments are made to protect personal data in accordance with the decisions of the Board or by following technological developments.
7.3 Measures to be Taken in Case of Unauthorized Disclosure of Personal Data
In case personal data processed is obtained by others through illegal means, our company will initiate necessary analysis studies on all systems to detect the source of data leakage and prevent data leakage.
In case personal data processed is obtained by others through illegal means, our company will report this situation to the relevant data owner and the Board as soon as possible.
8. Preservation of Personal Data Accurately and Up-to-Date
The relevant groups of individuals whose personal data we process acknowledge that they know and accept that the accuracy and currency of the personal data shared by them and/or personally given by them, received due to contractual relationships or shared due to our commercial relationships are important for using their rights over personal data in terms of Personal Data Protection Law and for other relevant legislation, and that the responsibility for providing incorrect information belongs entirely to them. You can make changes and updates to the shared personal data by applying to us through our communication channels. (By applying through our communication channels by writing "Personal Data Update Request" on the subject, applying through the Kep address, applying in person to the Company Address, sending by registered mail, or filling out the Personal Data Protection Law Application form published on our website using one of the above methods.)
9. Storage Periods, Deletion, Destruction, and Anonymization of Personal Data
In accordance with the provisions of the Personal Data Protection Law, even if personal data has been processed in compliance with the relevant legislation, personal data is deleted, destroyed, or anonymized by our company ex officio or upon the request of the data subject when the reasons requiring the processing of personal data cease to exist.
The procedures and principles regarding this matter will be fulfilled in accordance with the Personal Data Protection Law and the secondary legislation to be created based on this Law.
9.1 Storage Period of Personal Data
The retention period for LOG records related to physical and online visitors, employees, employee candidates, supplier employees, shareholders, and partners accessing the internet service provided by our company is 2 years in accordance with Law No. 5651.
Entry and exit information of all physical visitors, including visitors to our company's physical spaces, employee candidates, supplier employees, shareholders, and partners, is kept for a period of 1 year.
The retention period for CCTV (camera) records for physical space security for all our employees and visitors is 30 days.
Personal data, including identity and contact information, professional experience related to our employees, and personal data, is retained for 10 years after the termination of the employment contract unless there is a special situation (legal process or another legal process in progress).
Entry and exit information (time and attendance information and visitor records) for our employees is kept for 2 years after the termination of the employment contract.
CVs or application forms sent by employee candidates for open positions are retained for a period of 1 year, considering the personnel selection and placement process.
Information on old identity cards received from employees for personnel files, including religious information and blood type, is retained for 2 years after the mandatory replacement time of identity cards until January 1, 2021 (after all our employees receive the new identity card and submit it to the personnel file).
Personal data related to our suppliers, customers, dealers, authorized service providers, and business partners is kept for 10 years from the termination of the legal and commercial relationship in accordance with the legislation. (For our customers, the data processing and storage process begins after the product warranty period expires, and it is kept for 10 years.)
Personal data collected and processed in legal processes such as court files, execution correspondence, legal debt collection lawsuits, etc., are kept for 5 years after the completion of the legal process.
Records of potential Customer Candidates, Dealer Candidates, and Service Candidates, including offers, requests, and surveys sent for business follow-up, are kept for 2 years if there is no legal reason for not starting commercial activities.
The retention period for customer personal data is 10 years after the end of the legally foreseen general warranty period of the service or product.
Identity and communication data shared for purposes other than commercial activities, such as starting commercial activities, with mutual consent (Suppliers, Companies Worked with Regarding Investments) is kept for 1 year.
Financial data resulting from audit activities conducted for our shareholders and partners for financial analysis and valuations is kept for 1 year.
Health data obtained from our employees and interns, as required by labor law and occupational health and safety regulations, and kept by our company doctor, is retained for 10 years after the termination of the employment contract and continues for an additional 10 years if there is an ongoing legal process after the termination of the employment contract.
Criminal Convictions and Security Measures Data category in the form of Criminal Records Certificate obtained from our employees is kept for 1 year after the termination of the employment contract.
9.2 Deletion and Destruction of Personal Data
The deletion or destruction of personal data in physical and digital environments refers to the deletion, destruction, or anonymization of personal data processed for the purposes specified in this Personal Data Protection Policy summary and information document when the purpose requiring the processing of personal data is eliminated, and the periods specified by the Turkish Penal Code Article 138 and the relevant legislation have expired, or when the storage purpose is eliminated.
When the storage periods specified by the legislation or required by the processing purpose have expired, our company will delete, destroy, or anonymize all personal data processed for the purposes specified in this document, within the 6-month period designated for periodic destruction. Personal data is deleted, destroyed, or anonymized by our company using one or more of the anonymization methods specified in the guide published by the Personal Data Protection Board, using the most suitable technique(s) for its business processes and activities.
9.3 Techniques for Anonymizing Personal Data
Anonymization refers to making personal data impossible to associate with an identified or identifiable real person in any way, even by matching it with other data.
Work has begun on processes such as masking, data derivation, using aliases, aggregating, and data obfuscation for anonymization.
Rights of the Data Subject Whose Personal Data is Processed
As data subjects whose personal data is processed, in accordance with Article 11 of the Personal Data Protection Law, you have the following rights. If you communicate your requests related to your rights through the methods specified in this Information Document, our company will fulfill your request within thirty days at the latest, free of charge, depending on the nature of the request. However, if a fee is foreseen by the Personal Data Protection Board, our company will charge the fee determined in the tariff. In this context, data subjects have the following rights:
- To learn whether personal data is processed,
- To request information if personal data has been processed,
- To learn the purpose of the processing of personal data and whether the processed data is used in accordance with its purpose,
- To know the third parties to whom personal data is transferred, whether it is transferred abroad,
- To request the correction of personal data if it is incomplete or incorrectly processed and to request notification of the transaction made within this scope to third parties to whom personal data has been transferred,
- To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law, and to request notification of the transaction made within this scope to third parties to whom personal data has been transferred,
- To object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
- To demand the compensation of the damage in case the person incurs damage due to the illegal processing of personal data.
In accordance with Article 11 of the Law and Article 13 (1) of the Law, your requests regarding your rights must be communicated to our company in writing or by other methods to be determined by the Personal Data Protection Board. In this context, in the applications you will make to our company within the scope of the Personal Data Protection Law Article 11, the channels and methods for submitting your written applications are explained below.
In accordance with Article 13 (1) of the Law, applications regarding these rights to our company, which is the data controller, must be submitted to our company in writing or by the other methods specified by the Personal Data Protection Board. In this context, for "written" applications to our company, the form provided on our website www.starkgen.com can be filled out completely and sent to our company's service address given in the data controller area by Registered Letter with Return Receipt, sent via a notary public, or signed with a secure electronic signature as defined in the Electronic Signature Law and sent to the registered electronic mail (KEP) address specified in the data controller registry.
The form can be filled out and submitted in person to the relevant facilities of our company.
The channels mentioned above are the "written" application channels in accordance with Article 13 (1) of the Law. Applications submitted in person by filling out the form can be made at the relevant facility. Once the Personal Data Protection Board announces other methods, our company will announce how applications made by those methods will be received.
Changes and Updates that Can Be Made in this Information Document
Our company may make changes or updates to this information document in line with relevant legal regulations, changes in company policies, and changes in internal processes related to personal data. Information regarding all such changes and updates will be provided to the relevant individuals through the website.
Rev.1 – Updates have been made to our Personal Data Protection Policy and this information document as a result of the compliance process with the After Sales Services obligations to which our company is subject. Date: 20.11.2019
Download the PDPL Application Form