Privacy Policy
Personal Data Protection and Processing Policy
ARTICLE 1- PURPOSE
Baymineral Maden ve Kimya Sanayi Dış Ticaret Limited Şirketi ("Baymineral") undertakes to comply with personal data protection, processing and destruction regulations in accordance with its social and legal responsibilities. This Personal Data Protection and Processing Policy ("Policy") is applied to all of Baymineral within the framework of the applicable legislation and is based on nationally accepted basic principles regarding personal data destruction. It includes the framework and principles for carrying out the necessary destruction procedures within the scope of the relevant legislation.
The third paragraph of Article 7 of the Law on the Protection of Personal Data ("Law" or "KVKK") stipulates that "The procedures and principles regarding the deletion, destruction or anonymization of personal data shall be regulated by regulation". Based on this provision and subparagraph (e) of the first paragraph of Article 22 of the Law, the Personal Data Protection Board ("Board") prepared the Regulation on Deletion, Destruction or Anonymization of Personal Data ("Regulation") and published it in the Official Gazette dated October 28, 2017 and numbered 30224.
Based on the above regulation, the purpose of this Policy is to determine the procedures and principles regarding the deletion, destruction or anonymization of personal data collected by Baymineral in the conduct of its activities in accordance with the Regulation.
ARTICLE 2- SCOPE
This Policy relates to the personal data of employees, employee candidates, visitors, third parties (including but not limited to agents and brokers) and third parties' employees working at Baymineral, which are processed in whole or in part automatically or non-automatically provided that they are part of any data recording system, and the storage and destruction of this data.
ARTICLE 3- DEFINITIONS
Recipient Group: The category of natural or legal person to whom personal data is transferred by the data controller.
Explicit Consent: Consent on a specific issue, based on information and expressed with free will.
Electronic Media: Media in which personal data can be created, read, modified and written with electronic devices.
Non-Electronic Media: All written, printed, visual, etc. environments other than electronic media.
Relevant Person: The natural person whose personal data is processed.
Destruction: Deletion, destruction or anonymization of personal data.
Law/KVKK: Law No. 6698 on the Protection of Personal Data.
Recording Medium: Any medium containing personal data processed by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
Personal Data: Any information relating to an identified or identifiable natural person.
Processing of Personal Data: Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
Board: Personal Data Protection Board.
Sensitive Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive personal data.
Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.
Data Recording System: The recording system where personal data is structured and processed according to certain criteria.
Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system).
Deletion of Personal Data: Making personal data inaccessible and non-reusable in any way for the Relevant Users.
Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.
Destruction of Personal Data: Deletion, destruction or anonymization of personal data.
Anonymization: Rendering the data previously associated with a person unlikely to be associated with an identified or identifiable natural person under any circumstances, even by matching it with other data.
ARTICLE 4- RECORDING MEDIUM
Personal Data is securely stored by Baymineral in accordance with the law in the environments listed below.
Electronic Media:
✓ Servers (Domain, backup, e-mail, database, web, file sharing, etc.)
✓ Software (office software, portal, EBYS)
✓ Information security devices (firewall, intrusion detection and prevention, log file, antivirus, etc.)
✓ Personal computers (Desktop, laptop)
✓ Mobile devices (phones, tablets, etc.)
✓ Optical disks (CD, DVD, etc.)
✓ Removable memories (USB, Memory Card, etc.)
✓ Printer, scanner, copier
Non-Electronic Media:
✓ Paper
✓ Manual data recording systems (survey forms, visitor logbook)
✓ Written, printed, visual media
ARTICLE 5- ISSUES REGARDING THE PERSONAL DATA PROCESSING POLICY
5.1. General Principles for Processing Personal Data
Baymineral processes and protects the personal data of Users within the scope of the Constitution of the Republic of Turkey and the Law on the Protection of Personal Data.
In this context, Baymineral acts in line with the following principles:
• As a prudent merchant, it acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data,
• It ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights and legitimate interests of personal data owners within the scope of the Law on the Protection of Personal Data, together with other laws that it must comply with within the scope of its activities,
• It clearly and precisely determines the legitimate and lawful purpose of personal data processing. In this context, personal data is processed limited to the services provided or to be provided and legal obligations. The purpose for which personal data will be processed is determined before the personal data processing activity begins,
• It processes personal data in a manner that is conducive to the realization of the specified purposes and avoids the processing of personal data that is not related to the realization of the purpose or is not needed,
• It retains personal data only for the period specified in the relevant legislation that it is obliged to comply with or for the period required for the purpose for which they are processed.
5.2. Terms of Processing of Personal Data
Protection of personal data is a constitutional right. Fundamental rights and freedoms may be restricted without prejudice to their essence only for the reasons set out in the relevant articles of the Constitution and only by law. Pursuant to the Constitution, personal data may only be processed in cases stipulated by law or with the consent of the individual.
In this direction and in accordance with the Constitution, Baymineral processes personal data only in cases stipulated by law or with the explicit consent of the data subject. The explicit consent of the personal data subject is only one of the legal grounds that make it possible to process personal data in accordance with the law. Apart from explicit consent, personal data may also be processed in the presence of one of the other conditions listed below. The basis of the personal data processing activity may be only one of the following conditions, or more than one of these conditions may be the basis of the same personal data processing activity.
• The personal data of the data subject may be processed in accordance with the law without obtaining his/her explicit consent, if expressly provided for in the law.
• The personal data of the data subject may be processed if it is mandatory to process the personal data of the person who is unable to disclose his/her consent due to actual impossibility or whose consent cannot be recognized as valid in order to protect his/her or another person's life or physical integrity.
• Provided that it is directly related to the establishment or performance of a contract, it is possible to process personal data if it is necessary to process personal data belonging to the parties to the contract.
• If the personal data is made public by the data subject himself/herself, the relevant personal data may be processed.
• If data processing is mandatory for the establishment, exercise or protection of a right, the personal data of the data subject may be processed.
Baymineral sensitively complies with the regulations stipulated in the Personal Data Protection Law in the processing of personal data determined as "special quality" by the Personal Data Protection Law.
In Article 6 of the Law on the Protection of Personal Data, certain personal data which, when processed unlawfully, carries the risk of causing victimization or discrimination of persons, are defined as "special categories". These data include data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
In accordance with the Law on the Protection of Personal Data, special categories of personal data are processed by Baymineral in the following cases, provided that adequate measures to be determined by the Personal Data Protection Board are taken:
If the personal data owner has explicit consent or if the personal data owner does not have explicit consent; personal data of special nature other than the health and sexual life of the personal data owner are processed in cases stipulated by law, and personal data of special nature related to the health and sexual life of the personal data owner are processed only by persons or authorized institutions and organizations under the obligation of confidentiality for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
Although it has been processed in accordance with the provisions of the KVKK and other relevant laws, personal data shall be deleted, destroyed or anonymized by the data controller ex officio or upon the request of the data subject if the reasons requiring its processing disappear.
When the retention periods stipulated in the relevant legislation or required by the purpose of processing expire, during the 6-month period stipulated for periodic destruction; Baymineral deletes or anonymizes the personal data it processes by using one or more of the deletion and anonymization methods specified in the guide on Deletion, Destruction or Anonymization of Personal Data published by the KVK Board, using one or more techniques that are most suitable for business processes and activities.
ARTICLE 6- DISCLOSURE OBLIGATION
According to the Constitution of the Republic of Turkey, everyone has the right to be informed about personal data concerning him/her. Accordingly, Article 11 of the Law on the Protection of Personal Data lists "requesting information" among the rights of the personal data subject.
In this context, Baymineral provides the necessary information in case the personal data owner requests information in accordance with the Constitution and KVKK.
In accordance with Article 10 of the LPPD, Baymineral also informs personal data subjects about the purpose for which personal data will be processed during the acquisition of personal data, to whom and for what purpose the processed personal data may be transferred, the method and legal reason for collecting personal data and the rights of the personal data subject under Article 11 of the LPPD.
In addition, Baymineral ensures informing and transparency in personal data processing activities by announcing to personal data owners and those concerned that it carries out personal data processing activities in accordance with all matters in the KVKK and the "law and honesty rule" through various public documents, especially this Policy.
ARTICLE 7- TRANSFER OF PERSONAL DATA
Personal data held by Baymineral are securely stored and not disclosed to third parties outside the legal framework. Baymineral, persons, institutions and/or organizations, business partners, all authorities and channels required for the execution of the User Agreement, public legal entities authorized to receive personal data such as Courts, Public Prosecutor's Offices, SSI, BRSA, BRSA, CMB, MASAK, BKM, authorities, our domestic / foreign affiliates; to companies operating in the capacity of intermediary/agency, to third parties from and to whom services are received and provided in order to carry out company activities, to cooperating and program partner institutions, organizations, domestic/foreign banks, funds, cooperating organizations, domestic/foreign/international organizations from which service/support/consultancy is received or project/program/financing partner and independent audit and support services are received due to legal obligations but within the framework of legal limitations.
ARTICLE 8- RIGHTS OF THE DATA SUBJECT PURSUANT TO ARTICLE 11 OF THE KVKK NUMBERED 6698
Pursuant to Article 11 of the KVKK No. 6698, personal data owners are entitled to:
• Learn whether personal data is being processed,
• Request information if their personal data has been processed,
• Learn the purpose of processing personal data and whether they are used for their intended purpose,
• Know the third parties to whom personal data is transferred domestically or abroad,
• Request correction of personal data in case of incomplete or incorrect processing and request notification of the transaction made within this scope to third parties to whom personal data is transferred,
• Request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, although it has been processed in accordance with the provisions of the KVKK and other relevant laws, and request notification of the transaction made within this scope to third parties to whom personal data is transferred,
• Object to the emergence of a result to the detriment of the person himself/herself through the analysis of the processed data exclusively by automated systems,
• Request compensation for the damage in case of damage due to processing in violation of the KVKK.
ARTICLE 9- DATA CONTROLLER UNDER THE LAW
In order to exercise your rights set forth in Article 11 of the LPPD, you may contact Baymineral in writing or through other means determined by the Personal Data Protection Board by using the contact information specified below.
Correspondence Address: Baymineral Maden ve Kimya San. Dış Tic. Ltd. Şti.
Cevizli Mah. Tugay Yolu Cad. No:69A İç Kapı No: 191 Maltepe, Istanbul
Phone: 0(216) 706 29 60
E-mail: kvkk@baymineral.com
ARTICLE 10- FINAL PROVISIONS
In case of incompatibility between the provisions of the KVKK and other relevant legislation and this Policy, the provisions of the KVKK and other relevant legislation will be applied first.
Baymineral may change the content of this Policy whenever it deems necessary. The updated Policy will enter into force on the date of publication. The last update date is at the end of the text.
In the event of any dispute, Baymineral's records alone shall prevail and bind the parties.
Last updated: 29/05/2024
GDPR
THE PROTECTION OF PERSONAL DATA CONFIDENTIALITY AGREEMENT
1. THE PARTIES
This Confidentiality and Non-Disclosure Agreement ("Contract") is signed by Baymineral Maden ve Kimya Sanayi Dış Ticaret Limited Şirketi, with its address at "Küçükbakkalköy Mahallesi, Tevfik Fikret Caddesi No: 32, K: 5 POB34750 Ataşehir, Istanbul, Turkey" ("Disclosing Party") and _________________________ ("Receiving Party") operating at ___________________ on __ / __ / 202*.
The Disclosing Party and the Receiving Party will be referred to separately as the "Party" and together as the "Parties".
2. SUBJECT AND PURPOSE OF THE AGREEMENT
Within the framework of the _____________ dated __ / __ / 202* ("Articles of Association") signed between the Parties, this Agreement regulates the obligations of the Parties under the Law on the Protection of Personal Data No. 6698 and other relevant legislation ("KVKK" or "Law"), and determines the rights and obligations of the Parties for the protection of the personal data and sensitive personal data, and all kinds of information, that the Parties will share before, during or after the contractual relationship.
3. DEFINITIONS
3.1. Explicit Consent: Consent based on the information and expressed with free will regarding a specific subject.
3.2. Relevant User: Persons who process personal data within the organization of the data controller or under the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data.
3.3. Destruction: Deletion, destruction or anonymization of personal data.
3.4. Law / KVKK: Personal Data Protection Law No. 6698.
3.5. Recording Media: Any medium that contains personal data processed by wholly or partially automatic means or by non-automatic means, provided that it is a part of any data recording system.
3.6. Personal Data: All kinds of information regarding an identified or identifiable natural person. So much so that personal data includes all types of personal data of unique nature.
3.7. Sensitive Personal Data: Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are personal data of unique nature.
3.8. Processing of Personal Data: Any action taken on personal data, such as obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of the data, through fully or partially automatic means or by non-automatic means provided that it is a part of any data recording system.
3.9. Making Personal Data Anonymous: Making personal data unidentifiable or unrelated to a natural person, even when matched with other data.
3.10. Transfer of Personal Data: The transfer of personal data verbally and / or in writing by the Disclosing Party to the Receiving Party in any electronic medium or other means.
3.11. Deletion of Personal Data: Making personal data inaccessible and unavailable in any way for Relevant Users.
3.12. Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and non-reusable by anyone.
3.13. Board: Personal Data Protection Board.
3.14. Data Subject: A real person whose personal data is processed.
3.15. Data Processor: Real or legal person who processes personal data on behalf of the data controller based on the authority given by him.
3.16. Data Controller: Real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
4. PRIVACY
4.1. All personal data, including unique personal data defined and included in this article, and all kinds of written, audio, visual and / or verbal information will be considered Confidential Information.
4.2. At the stage of establishment, execution and after the termination of the Articles of Incorporation, each Party shall ensure that no official / unofficial documents, procedures, instructions, financial statements, trade secrets and correspondence and all kinds of commercial, financial and technical information belonging to the other Party; all kinds of information and documents transmitted physically or electronically to another party, except for those that will be made available to the public for the realization of the contract; except for those written above, it cannot disclose any information and document and / or information subject to other legal protection, cannot illegally process it in an electronic or physical environment, use it in other companies it will work with, and cannot give it to other third parties for free or free of charge and cannot mediate its issuance.
4.3. The Receiving Party cannot operate, transfer or explain in an illegal manner; within the scope of the Articles of Incorporation, all kinds of visual or written documents and information shared with the Receiving Party, especially those that are shared with the Receiving Party or that are self-consensual, and which are identified with third parties and other real persons and legal entities with whom the Disclosing Party has established a membership or commercial relationship; all kinds of information, document, formula, method, invention, design, brand, patent, utility model, source code, software, program, application, computer program, information about new products and development of new products, descriptions and their working methods, production and operating techniques and information regarding service, operation, production, marketing, sales, information technology, financial and administrative structure, all kinds of lists, information and documents about customers and potential customers, especially other matters that should be considered as trade secrets by the Disclosing Party. All kinds of information, especially address information, biometric data and health data, visual or audio documents and all kinds of personal data specified in the KVKK, need to be protected, and special quality personal data belonging to any natural or legal person sent under the Articles of Association. During or even after the termination of the contract in any way, without the knowledge and permission of the Disclosing Party.
4.4. Situations where Confidential Information needs to be disclosed within the scope of fulfillment of the obligation of performance pursuant to the Articles of Incorporation, situations where Confidential Information is required to be disclosed to official authorities by law, especially KVKK legislation, and situations with the written consent of the Party sharing the Confidential Information are reserved.
5. PROTECTION OF PERSONAL DATA
5.1. The Parties will process all personal data of natural persons, including unique personal data transferred between each other, under the principles and processing conditions stipulated in the Law. Regarding the processing and transfer of personal data, the parties are obliged to carefully comply with the requirements and regulations set out in the KVKK, without prejudice to other provisions in the laws of the Republic of Turkey. The parties shall be liable to the extent of causing any damage and fault for any damage arising from the failure to fulfil these and other obligations mentioned in the KVKK in terms of personal data to be obtained within the scope of this Agreement.
5.2. Parties;
5.2.1. While processing personal data, it will comply with the principles in article 5 of KVKK,
5.2.2. Will not use personal data directly or indirectly other than the purposes and requirements of the service between the Parties,
5.2.3. It takes all necessary security measures in its own eyes for the transfer of personal data,
5.2.4. Provides necessary technical, administrative and legal protection measures to prevent unlawful access to personal data,
5.2.5. During and after the transfer of personal data, it will have responsibilities regarding the data controller arranged in KVKK,
5.2.6. The data controller and the relevant user authorized by him / her will act under all legal regulations, especially KVKK,
5.2.7. To fulfil its obligations in the Articles of Association, it accepts, declares and undertakes that it will be responsible for the intent and gross negligence of the real and / or legal persons from whom it receives services within the scope of all kinds of services received from real and legal persons who are not a party to the Articles of Association.
5.3. Disclosing Party agrees, declares and undertakes that they will securely store personal data sent/transferred to the Receiving Party under the Articles of Association or associated with the other Party, of which the Receiving Party is automatically consented, in the physical or electronic environment within the appropriate period of Data Transfer. Furthermore, Receiving Party accepts, undertakes and declares that they will delete or destroy the data under its protection, storage and destruction policy if the periods foreseen in the legislation, especially the KVKK Law, expire, or if there is no period stipulated in the relevant legislation regarding the storage of the personal data and will make them anonymous. Consequently, the data will be destroyed in a way that cannot be used and retrieved in any way.
5.4. If any of the parties violates any of the obligations given above and listed in the KVKK and the Board determines the violation, the Party that has been subjected to penalties and sanctions due to its fault irrevocably accepts, declares and undertakes that the other Party will not have any material or moral responsibility due to any penalty or sanction imposed by the Board.
5.5. The adverse Party is not obliged to control and audit whether the obligations of the Parties specified in this Agreement are fulfilled or not.
6. AMENDMENT AND WAIVER
6.1. Amendments, acceptances, changes, or additions to this Agreement will not be deemed valid and binding without the Parties' written Agreement. The waiver is not binding unless made in writing by the disclaimer.
6.2. Failure to exercise any of the rights under this Agreement by the Parties or to postpone their usage will not be considered a waiver of the rights, and the use of such rights alone or in part will not prevent the exercise of other rights.
7. PROTECTION OF PERSONAL DATA, PRIVACY AND BREACH OF PRIVACY
7.1. The parties acknowledge and undertake that they will fully fulfil their obligations within the scope of the Personal Data Protection Law No.6698 ("KVKK") and the relevant legislation in force and to come into force. The parties accept and undertake that any information specified in Article 2 of this agreement and obtained within the scope of the Articles of Association is Confidential Information and acknowledge that they are obliged to show the necessary care expected from them in preventing the disclosure of the trade secrets and Confidential Information that they have been fond of during the Data Transferred Articles of Association.
7.2. Receiving Party is obliged to obtain express written consent from the Disclosing Party to collect, record, process, store, transfer, and share with the Institutions and Organizations and its domestic and foreign affiliates to fulfil its obligations under the Articles of Association. Otherwise, all kinds of direct and indirect damages, damages and compensation and / or administrative fines under whatever name all third parties demand from the Disclosing Party and the Disclosing Party will have to pay will be recourse to the Receiving Party.
7.3. Receiving Party understands that unauthorized use or disclosure of all or any part of Confidential Information may harm the Disclosing Party. Therefore, the Receiving Party acknowledges, declares and undertakes that the partial or complete violation of this contract will violate the provisions of the Turkish Commercial Code, Turkish Penal Code and Personal Data Protection Law. All kinds of legal, financial, administrative and criminal liability due to such a violation belongs to the Receiving Party, which agrees, declares and undertakes to indemnify all positive and negative damages of the Disclosing Party caused / to be caused under any name whatsoever, without the need for any notice, warning and judgment (including attorney fees and the costs of the proceedings at any stage). In addition, it accepts, declares and undertakes to pay __________ TL as penal clause.
8. NOTIFICATION ADDRESSES
The notification procedure and all kinds of notification addresses specified by the Parties in the Articles of Association are valid to fulfil the matters in this Agreement and make the required notices and notifications. If any procedure or address for notification is not specified or cannot be understood in the Articles of Association, only the corporate e-mail addresses of the Parties and the addresses included in the 1st article of this Agreement will be accepted as the notification address. Without prejudice to the provisions of the Articles of Association, the Parties agree, declare and undertake that all notices and notifications to be made to the addresses included in this contract will be valid if they do not notify the other party of the address changes stated in Article 1 through a notary.
9. APPLICABLE LAW AND COMPETENT COURT
Istanbul Courts and Enforcement Offices are authorized to interpret this contract and in all disputes that will arise due to this contract, and Turkish law is applied.
10. PARTIAL INVALIDITY
If any of the articles of this contract are deemed invalid or cancelled, this does not affect the other articles' validity.
11. NOTIFICATIONS
The notices and notifications in Article 18/3 of the Turkish Commercial Code numbered 6102 will be made through a notary public, registered letter with return receipt, telegram or registered electronic mail system using a secure electronic signature.
12. EFFECTIVENESS AND VALIDITY
12.1. This Agreement is an annex and integral part of the Articles of Association signed between the Parties and cannot be interpreted separately from the Agreement. The parties acknowledge and agree that all changes made with this Protocol will take effect on __ / __ / 202*.
12.2. In the event of a conflict between the Articles of Association and this Agreement, the provisions of this Agreement are given priority, except for Article 8 of this Agreement.
12.3. This Agreement has been drawn up in 2 (two) copies and signed by the Parties, with one copy remaining with each of the Parties.
Disclosing Party | Receiving Party |
Baymineral Maden ve Kimya Sanayi Dış Ticaret Limited Şirketi | |
Name: Signature: | Name: Signature: |