• Personel Data Protection Policy

Personel Data Protection Policy

KVK Policy
BERSU AUTOMOTIVE LIMITED COMPANY
PERSONAL DATA PROTECTION AND PROCESSING POLICY
 
1. INTRODUCTION
1. Purpose and Scope of the Policy
Law No. 6698 on the Protection of Personal Data ("Law") entered into force on 7 April 2016 and this BERSU OTOMOTVİ LIMITED COMPANY Personal Data Processing and Protection Policy ("Policy") aims to ensure the compliance of BERSU OTOMOTVİ LIMITED COMPANY ("Company") with the Law and to determine the principles to be followed by the Company in fulfilling its obligations regarding the protection and processing of personal data.
The Policy determines the conditions for processing personal data and sets out the main principles adopted by the Company in the processing of personal data. Within this framework, the Policy covers all personal data processing activities carried out by the Company within the scope of the Law, the owners of all personal data processed by the Company and all personal data processed by the Company.
Issues regarding the processing of personal data of the Company's employees are not within the scope of this Policy and are regulated separately in the BERSU OTOMOTİV LİMİTED ŞİRKETİ Employee Personal Data Processing and Protection Policy.
Definitions of the terms used in the Policy are in Annex-1.
2. Effectiveness and Amendment
The Policy has been published on the Company's website and made available to the public. In case of any conflict between the legislation in force, particularly the Law, and the regulations in this Policy, the provisions of the legislation shall apply.
The Company reserves the right to make changes in the Policy in parallel with legal regulations. The current version of the Policy is available on the Company website www.destegg.com.tr.
 
2. DATA SUBJECTS, DATA PROCESSING PURPOSES AND DATA CATEGORIES FOR THE PERSONAL DATA PROCESSING ACTIVITIES CARRIED OUT BY OUR COMPANY
1. Related Persons
The relevant persons within the scope of the Policy are all natural persons other than the Company employees whose personal data are processed by the Company. In this context, the categories of data subjects are as follows:
- Customer
- Potential Customer
- Visitor
- Employee Candidate
- Third Parties
- Relevant person categories are indicated for general information sharing purposes. The fact that the data subject does not fall within the scope of any of these categories does not eliminate the nature of the data subject as stated in the Law.
2. Purposes of Personal Data Processing
Your personal data and sensitive personal data may be processed by the Company for the following purposes in accordance with the personal data processing conditions in the Law and the relevant legislation:

MAIN OBJECTIVES

SUB-OBJECTIVES

 

Execution of Company Internal Operations

    2. 1. Planning, Auditing and Execution of Information Security Processes
    2. Establishment and Management of Information Technologies Infrastructure
    3. Planning and Execution of Employees' Authorisations to Access Information Systems
    4. Event Management
    5. Follow-up of Finance and Accounting Affairs
    6. Planning and Execution of Activities for Performing Effectiveness/Efficiency and Relevance Analyses of Business Activities
    7. Planning and Execution of Business Activities
    8. Planning and Execution of Authorisations of Business Partners and Suppliers to Access Information Systems
    9. Planning and Execution of Business Continuity Ensuring Activities
    10. Planning and Execution of Corporate Communication Activities
    11. Planning and Execution of Corporate Sustainability Activities
    12. Corporate Governance Planning and Execution of Activities
    13. Planning and Execution of Logistics Activities
    14. Planning and Execution of Production and Operation Processes
    15. Planning and Monitoring of Building and Construction Works

 

Activities with Legal, Technical and Administrative Consequences

    2. 1. Planning and Execution of Emergency Management Processes
    2. Planning and Execution of Occupational Health and Safety Processes
    3. Realisation of Credit Process Risk Management
    4. Calculation of Insurance Policy Premiums of Persons and Creation of the Policy 
    5. Management and Supervision of Relations with Subsidiaries
    6. Initiation of the Damage Process and Completion of the Damage File
    7. Follow-up of Legal Affairs
    8. IT and Operational Audit Activities of Group Companies
    9. Providing Legislative Information to Authorised Institutions
    10. Creating and Monitoring Visitor Records
    11. Planning and Execution of the Company's Production and Operational Risk Processes
    12. Realisation of Company and Partnership Law Transactions
    13. Ensuring the Security of Company Operations
    14. Ensuring the Security of Company Campuses and Facilities
    15. Planning and Execution of the Company's Financial Risk Processes
    16. Ensuring the Security of Company Fixtures and Resources
    17. Planning and Execution of Company Audit Activities
    18. Issuance of Insurance Policies
    19. Various Transaction Applications of Shareholders, 1st degree relatives of Shareholders and Members of the Board of Directors
    20. Planning and Execution of Operational Activities Required to Ensure that Company Activities are Carried Out in Accordance with Company Procedures and Relevant Legislation
    21. Ensuring that the data is accurate and up-to-date

Customer-Facing Processes and Operations

    2. 1. Follow-up of Loan Payment Transactions
    2. Planning and Execution of After Sales Support Services Activities
    3. Planning and Execution of Sales Processes of Products and Services
    4. Follow-up of Contract Processes and Legal Requests
    5. Planning and Execution of Customer Relationship Management Processes

 

 

 

Financial Operations

    2. 1. Banking Transactions
    2. Making Damage Payment
    3. Making Damage Payments of Persons
    4. Collection of Insurance Policy Premiums of Persons
    5. Policy Collection
    6. Pricing of Insurance Policy

 

Strategy Planning & Business Partners/Supplier Management

  1.  
    2. 1. Management of Relations with Business Partners and/or Suppliers
    2. Planning and Execution of External Training Activities
    3. Execution of Strategic Planning Activities

 

 

Marketing Operations

    2. 1. Planning and Execution of the Processes for Creating and Increasing Loyalty to the Products and Services Offered by the Company
    2. Planning and Execution of Market Research Activities for Sales and Marketing of Products and Services
    3. Planning and Execution of Marketing Processes of Products and Services
    4. Planning and Execution of Customer Satisfaction Activities
3. Categories of Personal Data
Your personal data categorised below are processed by the Company in accordance with the personal data processing conditions set out in the Law and the relevant legislation:

PERSONAL DATA CATEGORISATION

EXPLANATİON

Credentials

All information about the identity of the person in documents such as driving licence, identity card, residence card, passport, lawyer ID, marriage certificate

Contact Information

Information for contacting the person concerned, such as telephone number, address, e-mail

Customer Information

Information obtained and produced about the relevant person as a result of our commercial activities and the operations carried out by our business units within this framework

Family Members and Relatives

Information about the family members and relatives of the person concerned, which is processed in relation to the products and services we offer or in order to protect the legal interests of the Company and the person concerned

Customer Transaction Information

Records of the use of our products and services and information such as the customer's instructions and requests required for the use of products and services

Physical Space Security Information

Personal data related to records and documents such as camera recordings, fingerprint records taken at the entrance to the physical space, during the stay in the physical space

Process Security Information

Your personal data processed to ensure our technical, administrative, legal and commercial security while conducting our commercial activities

Financial Information

Personal data processed regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship established by our company with the relevant person

Financial Information

Personal data processed in relation to individuals who have applied to become an employee of our company or who have been evaluated as an employee candidate in line with the human resources needs of our company in accordance with the commercial custom and honesty rules or who are in a working relationship with our Company

Knowledge of Legal Procedure and Compliance

Personal data processed within the scope of determination and follow-up of our legal receivables and rights and performance of our debts and compliance with our legal obligations and our Company's policies

Audit and Inspection Information

Personal data processed within the scope of our company's legal obligations and compliance with company policies

Special Categories of Data

Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive personal data.

Marketing Information

Personal data processed for the marketing of our products and services by customising them in line with the usage habits, tastes and needs of the person concerned, and the reports and evaluations created as a result of these processing results

Request/Complaint 

Management Information


Personal data relating to the receipt and evaluation of any request or complaint addressed to our Company

Reputation Management 

Knowledge


Information about the information collected for the purpose of protecting the commercial reputation of our company and the evaluation reports created in this regard and the actions taken

Event Management Information

Personal data processed for the purpose of taking necessary legal, technical and administrative measures against developing events in order to protect the commercial rights and interests of our company and the rights and interests of our customers

3. PRINCIPLES AND CONDITIONS REGARDING THE PROCESSING OF PERSONAL DATA
1. Principles Regarding the Processing of Personal Data

Your personal data is processed by the Company in accordance with the personal data processing principles set out in Article 4 of the Law. These principles must be complied with for each personal data processing activity:
- Processing of personal data in accordance with the law and good faith; The Company acts in accordance with the laws, secondary regulations and general principles of law in the processing of your personal data; It attaches importance to processing personal data limited to the purpose of processing and taking into account the reasonable expectations of the person concerned.
- Personal data being accurate and up-to-date; The Company pays attention to whether your personal data processed by the Company is up to date and to carry out the relevant checks. In this context, the right of the relevant persons to request the correction or deletion of inaccurate and outdated data is recognised.
- Processing of personal data for specific, explicit and legitimate purposes; The Company determines the purposes of data processing before each personal data processing activity and ensures that these purposes are not unlawful.
- Personal data is relevant, limited and proportionate to the purpose for which it is processed; The Company limits the data processing activity by the Company to the personal data required to fulfil the purpose of collection and takes necessary steps to ensure that personal data not related to this purpose is not processed.
- Retention of personal data for the period required by the legislation or processing purposes; Personal data are deleted, destroyed or anonymised by the Company after the purpose of processing personal data disappears or after the expiration of the period stipulated in the legislation.
 3.2. Conditions Regarding the Processing of Personal Data
Your personal data is processed by the Company in the presence of at least one of the personal data processing conditions specified in Article 5 of the Law. Explanations regarding these conditions are given below:
- In cases where the explicit consent of the data subject and other data processing conditions do not exist, in accordance with the general principles under the heading 3.1., the personal data of the data subject may be processed by the Company with the free will of the data subject, with sufficient information about the personal data processing activity, in a manner that leaves no room for hesitation and only limited to that transaction.
- In case the personal data processing activity is explicitly stipulated in the laws, personal data may be processed by the Company without the explicit consent of the data subject. In this case, the Company will process personal data within the framework of the relevant legal regulation.
- In the event that the explicit consent of the data subject cannot be obtained due to actual impossibility and personal data processing is mandatory, personal data belonging to the data subject who is unable to disclose his/her consent or whose consent cannot be validated by the Company will be processed in the event that personal data processing is mandatory to protect the life or physical integrity of the data subject or a third person.
- In the event that the personal data processing activity is directly related to the establishment or performance of a contract, personal data processing activity will be carried out if it is necessary to process personal data belonging to the parties of the contract established or already signed between the data subject and the Company.
- If it is mandatory to carry out personal data processing activities in order to fulfil the legal obligation of the data controller, the Company processes personal data in order to fulfil its legal obligations stipulated under the applicable legislation.
- In case the data subject has made his/her personal data public, personal data that have been disclosed to the public in any way by the data subject and made available to everyone as a result of publicisation may be processed by the Company limited to the purpose of publicisation even without the explicit consent of the data subjects.
- In the event that personal data processing is mandatory for the establishment, exercise or protection of a right, the Company may process the personal data of the relevant person without the explicit consent of the relevant persons within the scope of the obligation.
- Provided that it does not harm the fundamental rights and freedoms of the data subject, if data processing is mandatory for the legitimate interests of the data controller, personal data may be processed by the Company provided that the balance of interests of the Company and the data subject is observed. In this context, in the processing of data based on legitimate interest, the Company first determines the legitimate interest to be obtained as a result of the processing activity. 
It evaluates the possible impact of the processing of personal data on the rights and freedoms of the person concerned and carries out the processing activity if it is of the opinion that the balance is not disturbed.
3. Conditions Regarding the Processing of Special Categories of Personal Data
In Article 6 of the Law, special categories of personal data are specified in a limited number. These are; race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or trade union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
The Company may process sensitive personal data in the following cases by ensuring that additional measures determined by the Personal Data Protection Board are taken:
- Processing of special categories of personal data other than health and sexual life can be processed if the data subject gives explicit consent or if it is explicitly stipulated by law.
- Personal data relating to health and sexual life can only be processed for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons under the obligation of confidentiality or by authorised institutions and organisations without seeking the explicit consent of the data subject.
4. TRANSFER OF PERSONAL DATA
The Company may transfer personal data domestically or abroad in accordance with the additional regulations listed in Articles 8 and 9 of the Law and determined by the Personal Data Protection Board; in the event that the conditions for the transfer of personal data exist.
- Transfer of personal data to third parties at home, in the presence of at least one of the data processing conditions specified in Articles 5 and 6 of the Law and explained under Title 3 of this Policy and provided that the basic principles regarding the data processing conditions are complied with, your personal data may be transferred by the Company.
- Transfer of personal data to third parties abroad, in the absence of the explicit consent of the person concerned, your personal data may be transferred abroad by the Company in the presence of at least one of the data processing conditions specified in Articles 5 and 6 of the Law and explained under Title 3 of this Policy and provided that the basic principles regarding the data processing conditions are complied with.
In the event that the country to which the transfer will be made is not one of the safe countries to be announced by the Personal Data Protection Board, personal data may be transferred to third parties abroad upon the Company and the data controller in the relevant country undertaking adequate protection in writing, provided that the Personal Data Board authorises this processing and at least one of the data processing conditions specified in Articles 5 and 6 of the Law (see Title 3 of this Policy) exists.
 Within the general principles of the Law and the data processing conditions in Articles 8 and 9, the Company may transfer data to the parties categorised in the table below:

SHARED PARTY CATEGORISATION

COVERAGE

TRANSFER PURPOSE

Business

 Partner

Parties with which the Company establishes business partnerships while conducting its commercial activities

Sharing of personal data limited to the purpose of ensuring the fulfilment of the purposes for which the business partnership was established

Supplier

Parties that provide services for the Company to continue its commercial activities in line with the instructions received from the Company and based on the contract between the Company and the Company

Transfer limited to the receipt of outsourced services from the supplier

Subsidiary

Subsidiaries of the Company

Transfer of personal data limited to the purpose of carrying out commercial activities requiring the participation of affiliates

Legally Authorised Public Institution

Public institutions and organisations legally authorised to receive information and documents from the Company Sharing personal data limited to the purpose of requesting information

Sharing personal data limited to the purpose of requesting information by the relevant public institutions and organisations

Legally Authorised Private Institution

Private law persons legally authorised to obtain information and documents from the Company

Sharing data limited to the purpose requested by the relevant private law persons within the scope of their legal authority

5. DISCLOSURE AND RIGHTS OF INTERESTED PERSONS
According to Article 10 of the Law, the data subjects must be informed about the processing of personal data before or at the latest at the time of processing personal data.  Pursuant to the relevant article, the necessary structure has been established within the company to ensure that the relevant persons are informed in every case where personal data processing activities are carried out by the Company as the data controller. In this context;
- Please review section 2.2 of the Policy for the purpose of processing your personal data.
- For the parties to whom your personal data are transferred and the purpose of transfer, please refer to Section 4 of the Policy.
- Please refer to sections 3.2 and 3.3 of the Policy to examine the conditions for processing your personal data, which can be collected through different channels in physical or electronic media.
- As a data subject, we would like to state that you have the following rights in accordance with Article 11 of the Law:
 
- To learn whether your personal data is being processed or not,
- Request information if your personal data has been processed,
- To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
- To know the third parties to whom your personal data is transferred domestically or abroad,
- To request correction of your personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom your personal data has been transferred,
- Although it has been processed in accordance with the Law and other relevant provisions of the law, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom your personal data has been transferred,
- To object if a result arises to your detriment by analysing the processed data exclusively through automated systems,
- To request compensation for damages in case you suffer damage due to unlawful processing of your personal data.
You can submit your applications for your rights listed above to our Company in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller 0216 446 46 86.  Depending on the nature of your request, your applications will be finalised free of charge as soon as possible and within thirty days at the latest; however, if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.
During the evaluation of the applications, the Company first determines whether the person making the request is the real right holder. However, the Company may request detailed and additional information for a better understanding of the request when deemed necessary.
The Company's responses to the relevant person applications are notified to the relevant persons in writing or electronically. If the application is rejected, the reasons for rejection will be explained to the relevant person with justification.
In case personal data are not obtained directly from the data subject, the Company carries out activities to inform the data subjects (1) within a reasonable period of time after the personal data are obtained, (2) if the personal data will be used for communication with the data subject, during the first communication, (3) if the personal data will be transferred, at the latest during the first transfer of personal data.
6. DELETION, DESTRUCTION, ANONYMISATION OF PERSONAL DATA
Pursuant to Article 7 of the Law, although it has been processed in accordance with the law, in the event that the reasons requiring its processing disappear, the Company deletes, destroys or anonymises the personal data ex officio or upon the request of the data subject in accordance with the guidelines published by the Authority.
7. SCOPE OF THE LAW AND LIMITATIONS ON ITS APPLICATION
The following cases are excluded from the scope of the Law:
- Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that the personal data is not disclosed to third parties and the obligations regarding data security are complied with.
- Processing of personal data for purposes such as research, planning and statistics by anonymising personal data with official statistics.
- Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime.
- Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organisations entrusted and authorised by law to ensure national defence, national security, public safety, public order or economic security.
- Processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution proceedings.
In the cases listed below, the Company is not required to inform the relevant persons and the relevant persons will not be able to use their rights specified in the Law, except for their rights to compensation for damages:
- Processing of personal data is necessary for the prevention of crime or criminal investigation.
- Processing of personal data made public by the data subject himself/herself.
- Processing of personal data is necessary for the execution of supervisory or regulatory duties or for disciplinary investigation or prosecution by public institutions and organisations and professional organisations in the nature of public institutions, which are authorised by law.
- Personal data processing is necessary for the protection of the economic and financial interests of the State in relation to budget, tax and financial matters.
ANNEX-1: DEFINITIONS
 

DEFINITION

 

Open Consent

Consent on a specific subject, based on information and expressed with free will.

Anonymisation

Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

Employee

Natural persons who are employees of the company.

Employee Candidate

Natural persons who are not employees of the Company, but who have the status of employee candidates of the Company through various methods

Personal Health Data

Any health information relating to an identified or identifiable natural person.

Personal Data

Any information relating to an identified or identifiable natural person.

Related Person

The natural person whose personal data is processed.

Processing of Personal Data

Any operation performed on personal data such as obtaining, recording, storing, retaining, modifying, reorganising, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

Law

Law No. 6698 on the Protection of Personal Data published in the Official Gazette dated 7 April 2016 and numbered 29677.

Sensitive Personal Data

Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

Policy

BERSU OTOMOTİV LİMİTED ŞİRKETİ Policy on Processing and Protection of Personal Data

Company

BERSU OTOMOTİV LİMİTED ŞİRKETİ

Business Partners

Persons with whom the Company has established partnerships within the scope of contractual relationships within the framework of its commercial activities.



Related Person

Natural person whose personal data is processed

Data Processor

A natural or legal person who processes personal data on behalf of the data controller based on the authorisation granted by the data controller.

Data Controller

The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically.

 
 







Whatsapp Telefon
Copyright © 2025 www.destegg.com.tr - All rights reserved