In accordance with the Law on the Protection of Personal Data No. 6698 (“Law”); this Personal Data Processing and Protection Policy (“Policy”) of HERA CHARGE ELECTRONICS INC. (Mersis: 0461 1117 5740 0001) (hereinafter referred to as “HERA CHARGE” or "COMPANY”) regulates the procedures and principles that must be adhered to in fulfilling the obligations regarding the protection and processing of personal data by HERA CHARGE.
1. PURPOSE AND SCOPEThe aim is to ensure the sustainability of the principle of conducting “HERA CHARGE” activities with transparency. In this context, the basic principles adopted for compliance with the regulations contained in the Law on the Protection of Personal Data No. 6698 (“KVK Law”) regarding the COMPANY's data processing activities are determined, and the practices carried out by “HERA CHARGE” are explained.
The Policy specifies the conditions for processing personal data and outlines the main principles adopted by HERA CHARGE in processing personal data. Within this framework, the Policy targets all personal data processing activities under the Law, conducted either automatically or through non-automatic means as part of a data recording system, relating to individuals whose personal data are processed.
“HERA CHARGE” reserves the right to amend the “Policy” in line with legal regulations.
1.1. Definitions
COMPANY: HERA CHARGE ELECTRONICS INC.
Personal Data/Data: Any information related to an identified or identifiable natural person.
Sensitive Personal Data: Data regarding race, ethnic origin, political opinion, philosophical belief, religion, sect, or other beliefs, clothing, membership in associations, foundations, or unions, health, sexual life, criminal convictions, security measures, as well as biometric and genetic data.
Processing of Personal Data: Any operation performed on personal data, such as collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or prevention of the use of data, whether fully or partially automated or non-automated as part of a data recording system.
Third Parties and individuals whose personal data are processed by the "COMPANY”: These are individuals related to third parties with whom “HERA CHARGE” interacts to ensure the security of commercial transactions or to protect the rights and interests of those mentioned above. Examples include joint debtors (Guarantors, Note Debtors), companions, family members, and relatives.
Personal Data Owner / Relevant Person: Refers to stakeholders and employees of the "COMPANY”, business partners, authorized representatives, job applicants, visitors, group customers, potential customers, third parties, and individuals whose personal data are processed by the COMPANY.
Data Recording System: A system that processes personal data structured according to certain criteria.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
Explicit Consent: Consent based on being informed about a specific subject and expressed freely.
Anonymization: The process of making data that was previously associated with a person
impossible to relate to an identified or identifiable natural person, even when matched with other data.
Law: Refers to the Law on the Protection of Personal Data No. 6698.
KVK Board: The Personal Data Protection Board.
1.2. Effectiveness and Amendments
The Policy has been made public by being published on the "COMPANY”’s website. In case of any conflict between the applicable legislation, primarily the Law on the Protection of Personal Data No. 6698, and the provisions included in this Policy, the provisions of the legislation shall apply. The "COMPANY” reserves the right to amend the Policy in line with legal regulations. The current version of the Policy can be accessed from the "COMPANY”’s website www.heracharge.com.
Personal data means information that identifies or can identify you. The categories of personal data that may be processed by the "COMPANY” are listed below.
Identity Data:This data category includes types of data such as T.R. Identity Number, name, surname, place and date of birth, marital status, gender, and a sample of the identity document.
Family Members and Relatives Information:Information about the personal data owner's family members and relatives.
Contact Data:A group of data that can be used to reach the person (phone number, postal address, email, fax number, IP address, etc.).
Sensitive Personal Data:This data category includes types of data such as health data obtained for personnel's employment and occupational safety, biometric data collected during employment entrance and exit, and criminal convictions and security measures.
Visual Data:Refers to images of individuals captured in security camera recordings for security purposes in the physical environments of the "COMPANY” or photos taken during personnel's employment entrance.
Personnel Files:Types of data that must be legally created as part of the personnel's employment contract, including identity and contact information, as well as profession, education, financial data, etc.
Biometric Data (Facial Recognition System):Types of data obtained, subject to the personnel's written request for alternative methods, regarding the personnel's employment entrance and exit systems.
Visual Records:Types of data that include catalogs, photographs, videos, and all other visual records taken in work areas or areas that can be considered as workplaces for the purposes of conducting and promoting institutional and business activities.
Contract Data:All data, such as signatures, signature circulars, and personal information of real persons, processed in the database as a result of contractual ties established by the "COMPANY” with its customers, business partners, suppliers, and external resources.
Location Data:Refers to all location data of employees processed by the "COMPANY” for internal audit purposes.
Performance Data:All data processed within the "COMPANY” for personnel for internal audit and increasing operational efficiency, and outside the "COMPANY” for the performance evaluation of business partners.
Employee and Job Applicant Information:Personal data processed regarding individuals who have applied to be an employee of the "COMPANY”, or whose applications have been evaluated by the "COMPANY” based on commercial custom and rules of honesty, or who are in a working relationship with the "COMPANY”.
Physical Space Security Information:Personal data related to records and documents obtained during physical entry to premises and during stays inside the premises, such as camera recordings.
Visual Data: Visual records that clearly belong to an identified or identifiable natural person and are associated with the personal data owner within the data recording system.
Operational Security Information: Personal data processed to ensure our technical, administrative, legal, and commercial security while conducting our business activities.
Risk Management Information: Personal data that is clearly related to an identified or identifiable natural person and is processed to manage the "COMPANY”’s commercial, technical, and administrative risks.
Financial Information: Personal data related to any financial outcomes generated according to the type of legal relationship established between the "COMPANY” and the personal data owner, including information, documents, and records.
Location Data: (Position Data)
Request and Complaint Data: Personal data related to the receipt and evaluation of any requests or complaints directed to the "COMPANY”.
2.2. Categories of Data Owners The data owners within the scope of the Policy are all natural persons whose personal data are processed by the "COMPANY.” In this context, the general categories of data owners are as follows:
The data owner categories are specified for general information sharing purposes. The fact that a data owner does not fall under any of these categories does not eliminate their status as a data owner as defined in the Law.
2.3. Purposes of Personal Data ProcessingFor Employees:
For Job Applicants:
For Interns/Students:
Security of Data Controller Operations: Conducting Occupational Health and Safety Activities, Executing Payroll Payments.
For Shareholders/Business Partners/Supplier Companies: Personal data belonging to your company's authorized personnel and employees may be processed within the scope of the commercial relationship between you and the “COMPANY,” in accordance with the provisions of Article 5 of the Law, for the following purposes, in compliance with the fundamental principles set forth in the Law, including the conditions for personal data processing
For Customers:
Your identity and contact information obtained directly from you through visits to the “COMPANY” premises, requests for orders and price quotes, complaints, and business cards shared at fairs and events (data on the business card is considered anonymized) are processed in accordance with Article 5/2 of the Law to create offers for requested products, establish contracts, and manage your requests and complaints. Additionally, if you are not a trader or merchant, your information may be processed for marketing purposes to keep you informed about the “COMPANY”’s products and services and offer you special products with your consent.
For Visitors:
During your visits to the “COMPANY,” our website, and other business locations, your identity
and visual data may be processed for the following purposes to ensure the security of both the
“COMPANY” and yourselves, as well as to fulfill our legal obligations and legitimate interests,
through security cameras and visitor registration logs
“COMPANY” evaluates the processing of personal data for each category of data subject in accordance with specific, clear, and legitimate purposes. The “COMPANY” ensures that personal data is deleted, destroyed, or anonymized after the purpose of data processing ceases to exist or after the duration specified by law has expired.
3.2. Conditions for Processing Personal DataIn accordance with Article 5, paragraph 2, and Article 8, paragraph 2 of the Personal Data Protection Law (KVKK), personal data may be processed without the explicit consent of the data subject under the following conditions:
The processing of special categories of personal data under Article 6 of the Law, are limited to the following:
The “COMPANY” can process your special categories of personal data by taking necessary precautions under the following circumstances:
Your personal data may be collected through various physical, oral, and electronic means such as website visits, establishing and performance of contracts, recruitment visits to our workplaces, and calls to customer service. Depending on the nature of the personal data and its purpose of processing, it will be collected under Article 5, Paragraph 2 of the Law. If no legal basis exists, your data will be collected with your explicit consent. Your personal data may be collected, processed, and/or used for the legal reasons outlined below:
5. TRANSFER OF PERSONAL DATA
In accordance with the conditions set forth in Articles 8 and 9 of the KVKK and additional regulations determined by the Personal Data Protection Board, personal data may be transferred domestically or internationally if the conditions for the transfer of personal data exist.
The transfer of personal data to third parties within the country is permitted by the “COMPANY”
only if at least one of the data processing conditions outlined in Articles 5 and 6 of the Law and
explained in Section 3 of this Policy exists, and provided that the basic principles regarding data
processing are adhered to.
The transfer of personal data to third parties outside the country can occur if at least one of the data processing conditions outlined in Articles 5 and 6 of the Law exists and if the basic principles regarding data processing are followed, even if the person does not provide explicit consent.
In accordance with the general principles of the Law and the data processing conditions in Articles 8 and 9, the “COMPANY” may transfer data to the following real and legal persons:
6. NOTIFICATION OF DATA SUBJECTS AND THEIR RIGHTSAs a personal data owner, we inform you that you have the following rights under Article 11 of the Law:
To request the destruction or deletion of personal data based on the reasons for processing cease to exist, even if the data has been processed in accordance with the Law and other relevant legal provisions, and to request that the action taken in that regard be communicated to third parties to whom your personal data has been transferred.
To object if a result that is against your interests solely from the automated analysis of processed data.
To request compensation for damages incurred due to unlawful processing of your personal data.
7. Ensuring the Security and Confidentiality of Personal Data
The “COMPANY” takes all necessary measures to prevent unlawful disclosure, access, transfer, or any security deficiencies that may arise concerning personal data, based on the nature of the data to be protected. In this context, the “COMPANY” implements all the necessary administrative and technical measures, establishes a monitoring system within the organization, and acts in accordance with the measures prescribed in the KVKK in the event of an incident in the disclosure of personal data.
8. Destruction of Personal Data
The “COMPANY” has prepared a DESTRUCTION POLICY to specify the methods for destroying personal data. All destruction processes are conducted in accordance with this policy. According to Article 7 of the Law, if the reasons for processing cease to exist, personal data must be deleted, destroyed, or anonymized either ex officio or upon the request of the “COMPANY.” The retention periods for each type of data and process are specified in the personal data inventory prepared by the “COMPANY,” which guides the data processing processes.
In accordance with Article 5, the reasons for processing cease to exist, personal data will be deleted, destroyed, or anonymized according to the DESTRUCTION POLICY, and the procedures may be relevant to personal data whose processing basis may stop concerning the “COMPANY.”
9. Matters Concerning the Protection of Personal Data
“HERA CHARGE” takes the necessary technical and administrative measures to ensure an appropriate level of security to prevent unlawful processing of personal data, unlawful access to data, and to ensure the protection of data in accordance with Article 12 of the KVKK.
9.1 Technical Measures
The main technical measures taken by “HERA CHARGE” to ensure the lawful processing of personal data are as follows:
9.2. Administrative Measures
You can submit your requests regarding your rights listed above by filling out the "Relevant Person Application Form" available on our website (www.heracharge.com) or by sending a written document with the same content to the address specified below. All your requests can be communicated in writing to the postal addresses provided below. When data subjects (relevant persons) submit requests related to their personal data in writing to “HERA CHARGE,” the “COMPANY” carries out the necessary processes to ensure that the request is concluded in accordance with Article 13 of the KVKK, as soon as possible and no later than thirty (30) days, depending on the nature of the request.
The “COMPANY” may request information to verify whether the person making the application is the owner of the personal data in question for the sake of ensuring data security. The “COMPANY” may also ask questions related to the application to ensure that the relevant person’s request is concluded appropriately. In cases where fulfilling the request may impede the rights and freedoms of other individuals, require disproportionate effort, or involve publicly available information, the “COMPANY” may deny the request with an explanation of the reasons.
HERA CHARGE ELEKTRONİK A.Ş.
(Mersis: 0461 1117 5740 0001)
Address: Güllübağlar Mah. Firketeci Sk. No: 2 P.K:34906 Pendik/İSTANBUL
Tel & Fax: +90 216 307 11 00 & +90 216 307 79 02
Kep Address: heracharge@hs01.kep.tr
Email:info@heracharge.com
Web:www.heracharge.com