İREN Machinery Chemical Construction Food Tourism Industry and Trade Limited Company Disclosure Text

 

As İREN Machinery Chemical Construction Food Tourism Industry and Trade Limited Company, we take maximum care to protect and secure your personal data. In this context, we would like to inform and enlighten you as the Data Controller in the most transparent manner regarding how your personal data is collected, the purposes of processing, the legal grounds for processing, and your rights in accordance with the Law on the Protection of Personal Data No. 6698 (“Law”) and relevant legislation, especially in protecting individuals' fundamental rights and freedoms, including the privacy of private life.

 

• Identity and Address Information of the Data Controller and its Representative: The legal entity that will register in the VERBIS system in compliance with the obligations imposed by the Law No. 6698 is İREN Machinery Chemical Construction Food Tourism Industry and Trade Limited Company. The company, with tax identification number 480 014 4268, operates at Sedat Simavi St. 50/1 (06550) Çankaya / Ankara / Turkey, under the Seğmenler Tax Office.

 

• Purpose of Processing Personal Data: The personal data held by İREN Machinery Chemical Construction Food Tourism Industry and Trade Limited Company will be processed to ensure compliance with the purpose of the law, which is to protect the privacy of private life and not to violate individuals' fundamental rights and freedoms, in accordance with the company's policies. The personal information obtained from employees will be processed as personal data in the registry due to legal obligations such as company procedures, Social Security Legislation, and Labor Legislation. Data obtained regarding the company's procurement of materials, services such as IT, accounting, and legal services, and commercial activities such as
buying and selling will also be processed as personal data in the registry. Additionally, the recordings obtained from the Visual Recording Devices positioned within the production area of the company and the information obtained from electronic devices used by company personnel to carry out their duties will be kept and recorded for Physical Security and Operational Security purposes.

 

• Explanations about the data subject groups and the categories of data belonging to these individuals: The personal data to be processed by İREN Machinery Chemical Construction Food Tourism Industry and Trade Limited Company includes the following Data Subject Groups:

o Job Candidate (Personnel in the Trial Period)
o Employee - Authorized Representatives
o Individuals or Institutions from which the Company receives products or services
o Intern
o Supplier Employee
o Supplier Representative
o Individuals or Institutions receiving products or services from the Company
o Visitor

 

The data subjects are categorized into nine groups as listed above. The categories of data for the Data Subjects divided into nine groups include:

• Identity
• First Name, Last Name
• Mother's Name
• Father's Name
• Mother's Maiden Name
• Date of Birth
• Place of Birth
• Marital Status
• ID Card Serial Number

 

• Information such as the Turkish Identification Number: The identity information of personnel working under the Social Security Law as insured employees at İREN Machinery Chemical Construction Food Tourism Industry and Trade Limited Company is obtained to fulfill the obligations imposed by the Social Security Legislation and will be kept as personal data. In online, written, or verbal orders, the identity information of the person or legal entity representative to whom the product will be delivered is obtained to ensure the successful delivery of the product and will be kept as personal data. Identity information obtained due to services provided outside the company will be stored as personal data to ensure that the contract is valid for both parties.

 

• Contact Information: Information related to residence address, email address, communication address, registered electronic mail (KEP), and phone number is obtained to facilitate communication among personnel, inform personnel about work instructions, etc., and will be stored as personal data. In online, written, or verbal
orders, this information is obtained to provide information about the order and delivery to the ordering person or institution, and such personal data will be retained.

 

• Location: The location information obtained from the vehicle tracking system in vehicles assigned to personnel serving in the company's Marketing department is retained in line with the nature of the job and will be kept as personal data.

• Personal File: Information in the personal files of the company’s personnel is obtained under Social Security and Labor Law and is collected with the explicit consent of the personnel due to reasons such as payroll preparation by the accounting department, disciplinary investigations by human resources, submission of employment entry-exit declarations, performance evaluations, and consideration of CV information. This information, which is classified as personal data, will be retained by the company.

• Legal Transactions: Personal data obtained for the purpose of sharing necessary information and documents with competent authorities designated by the law regarding legal issues encountered by employees or third parties and institutions involved in the company's commercial activities will be retained by the company.

• Customer Transactions: Information regarding documents such as invoices, promissory notes, receipts, and order forms prepared for third parties as part of the company's normal commercial activities will be obtained to continue the commercial relationship between the parties and will be retained as personal data.

• Physical Space Security: The video recording devices placed in the production area and management unit record the entries and exits of company personnel and visitors. Information and documents obtained from these devices, used to ensure the safety of personnel and visitors and to solve potential problems, will be retained as personal data by the company.

• Transaction Security: Information and documents classified as personal data obtained from transactions carried out on computers that contain all company secrets and are allocated for personnel use will be retained by the company. These include emails assigned to personnel, accounting transactions, and data entry related to personal information.

• Finance: As part of the company’s commercial activity, personal data regarding the balance sheets of business partners who are individuals or institutions, credit, risk assessments, and information related to assets will be retained by the company.

• Professional Experience: Information such as diplomas, courses, in-service training records, transcripts, and certificates demonstrating the education, experience, and skills of personnel to be employed by the company will be retained as personal data to ensure that the criteria sought by the company are met.

• Marketing: Information and documents obtained in the course of the marketing activities of the company will be considered personal data and retained by the company.

• Race and Ethnic Origin: Due to regulations prohibiting the employment of foreign personnel without work permits, the company requires nationality information from all job applicants. For foreign personnel, in addition to nationality, information and documents regarding work permits are also requested. This information, obtained from personnel who provide such documents, will be classified as personal data and retained by the company.

• Health Information: For the company to continue its commercial activities, information and documents obtained to ensure the necessary medical examinations as required by the Social Security Law, Labor Law, and Occupational Health and Safety Law, as well as those confirming that there is no impediment to working in the job field certified by a medical report, will be retained as personal data due to the obligation to employ disabled workers specified in the Labor Law.

• Criminal Convictions and Security Measures: When hiring new personnel, to determine whether the employee falls within the scope defined by the Labor Law, documents regarding criminal records obtained with the explicit consent of the employee will be classified as personal data and retained by the company.

• Biometric Data: Fingerprints taken from personnel for tracking entry and exit times at the factory and management unit are recorded using fingerprint reading devices installed in various areas of the factory. This data, collected for the purpose of maintaining work discipline and controlling personnel entry and exit, is classified as personal data and retained by the company.

• Genetic Data: In accordance with Occupational Health and Safety regulations, information obtained from personnel who undergo entry examinations includes basic genetic data such as blood type, which may be needed in emergencies. This data will be retained by the company for the purposes mentioned above.

• Recipient Groups to Whom Personal Data May Be Transferred: The personal data specified above can be accessed by those concerned. The human resources department has access to identity, contact, health, diploma, biometric data, race, professional experience, legal transaction details, etc., as noted in the personal files. Additionally, the finance and accounting departments have access to necessary information for salary payments and executing commercial transactions with other individuals/institutions involved in the commercial relationship. The finance and sales departments can access information and documents necessary for communicating with individuals and institutions to continue commercial activities. In cases of legal issues faced by the company or concerning personnel, the consultant lawyer the company works with can access the relevant information and documents.

• Personal Data to Be Transferred to Foreign Countries: The company does not transfer any data to foreign countries.

• Measures Taken Regarding Personal Data Security: The company has taken administrative and technical measures in this regard.

• Administrative Measures: Current risks and threats have been identified; the company only obtains personal data that is not sensitive, consisting of basic personal data such as the titles and tax identification numbers of the companies/individuals it works with. Training has been provided to relevant personnel regarding the obligations imposed by the Personal Data Protection Law concerning the protection of this information. This training emphasizes that personnel in positions with access to personal data must not disclose or share this information unlawfully. Additionally, necessary information has been provided on reducing unnecessary personal data collection, and the potential consequences of data breaches have been addressed. Necessary measures have been taken in terms of cybersecurity. Given the reality that all kinds of information and documents are stored electronically, the company has taken necessary precautions against potential attacks, including antivirus software and security measures for the server.

• Maximum Duration for Processing Personal Data: Personal data that must be obtained and stored will be kept in the company archives for the duration mandated by law. However, once this period ends, the information and documents will be immediately destroyed. Information and documents obtained earlier are not retained on the grounds that they may be needed later. According to Social Security and Labor laws, information noted in employees' personal files must be retained for ten years following the year in which they are relevant. Personal data obtained in this scope will be kept for ten years from the relevant year and will then be immediately destroyed. According to the Tax Procedure Law, since the company is obliged to keep records, it must retain ledgers and the documents described in the third section of the VUK for five years, starting from the calendar year following their relevance. In this regard, order forms, delivery notes, invoices, and similar commercial records will be retained for five years following the calendar year to which they relate. However, since these periods are stated as ten years in the Turkish Commercial Code, commercial records will be kept for ten years. This scope includes all types of commercial transactions such as check samples, payment documents, etc. These will also be destroyed immediately after this period. Records will be kept for one year and then immediately destroyed. Recorded images will be retained for twenty days. In case of possible problems, these documents will be automatically destroyed twenty days after they are recorded. Our company fulfills its obligations under the Personal Data Protection Law within the limits mandated by law.

 

Click here for the Personal Data Protection Application Form.