In accordance with the Personal Data Protection Law No. 6698 (“PDPL”) and the Regulation 2016/679 of the European Parliament and Council of 27 April 2016 (European Data Protection Regulation or “GDPR”) and other applicable legislation, your personal data can be processed by data controller Demir Grup Yapı İnşaat Sanayi ve Ticaret Anonim Şirketi (“Company”) based in “Büyükdere Cad. No.74 D Torun Center Office Kule K:11 N:45 Şişli/İstanbul” in the scope of the details explained in this text.
1. Purpose of Processing Personal Data
Your personal data obtained as you visit our website, may be processed by the Company for the purposes listed below and in complaint with PDPL and GDPR:
- In case of requests by the data subject through communication channels, in order to obtain information, to evaluate requests/suggestions and to make a complaint,
- Planning and executing the activities required for recommending and promoting the services offered by the Company by customizing them according to the data subject, usage habits and needs,
- Determining the number and profile of e-volunteers in line with the activities carried out within the Company, developing and diversifying the activities,
- Planning and execution of the Company’s management strategies,
- Carrying out the necessary work by our relevant business units for the realisation of the commercial activities carried out by the Company and carrying out the related business processes, planning and execution of the Company's business strategies,
- Ensuring that information is received, wishes/suggestions are evaluated and complaints can be made if a request is made by the relevant person through the communication portal,
- Ensuring the legal, technical and commercial-business security of the Company and related persons who are in business relations with the Company.
2. Method and Legal Basis for Collecting Your Personal Data
Your personal data is collected by the Company in written and electronic media as part of the data recording system, by means of cookies, which are technical communication files, due to your visit to our website, and by fully or partially automatic methods for the purposes specified in this Privacy Notice. For detailed information about cookies, please review the Cookie Notice. Your personal data collected other than cookies are collected in non-automatic ways by filling in the forms on the website.
Your personal data is processed in accordance with the following legal reasons:
- "compliance with a legal obligation" regulated in Article 5/2(a) and (ç) of PDPL and Article 6/1(c) of the GDPR,
- the "legitimate interest of the data controller" regulated in Article 5/2 (f) of the PDPL and Article 6/1(f) of the GDPR,
- "explicit consent" regulated in Article 5/1 of PDPL and Article 6/1(a) of the GDPR
- Law number 5651 on the Regulation of Broadcasts via Internet and Prevention of Crimes Committed through Such Broadcasts (“Internet Law”), being liable for the storage of traffic information.
3. Transferred of Personal Data
The purpose of transferring the data is in line with the purpose of processing personal data. Your collected personal data may be transferred to our business partners and suppliers (outsourcing service providers, hosting service providers), corporate affiliates, authorized public institutions, authorised by the law, or a valid legislative provision, court order or regulation and individuals in accordance with data processing conditions and purposes stated under the Law and GDPR. (in particular Article 6(1) and recital 48 of GDPR; and in Article 8 and 9 of PDPL)
4. Application to the Data Controller and Your Rights
According to the Article 11 of PDPL and Article 12 of GDPR, you also have the following rights:
- learn whether your personal data are being processed,
- if they are, request information,
- obtain information on the purpose of processing and find out whether personal data has been used as fit for the purpose,
- obtain information about the third persons in Turkey and abroad, to whom personal data are transferred,
- request rectification of personal data that may have been incompletely or inaccurately processed,
- request the deletion or destruction of personal data,
- request notification of the operations made as per indents (e) and (f) to third parties to whom personal data have been transferred,
- object to occurrence of any detrimental result by means of analysis of personal data exclusively through automated systems and
- request compensation for the damages due to unlawful processing of personal data.
You can send your requests to the Company according to Comminuque on the Principles and Procedures for the Request to Data Controller. You can also direct your applications to us by submit it to the address “Büyükdere Cad. No.74 D Torun Center Office Kule K:11 N:45 Şişli/İstanbul” via registered letter or to the [●] e-mail adress.
Our Company fulfills your requests as soon as possible and within thirty days at the latest and once for free of charge. However, requester may be charged for following requests or for the initial request if the action taken on the request requires additional cost. Our Company can accept and process the request or reject the request in writing by explaining its reason.
You are entitled to file a complaint to the Turkish Board of Personal Data Protection (“Board”) within thirty days as of the notification of the reply and in all cases within sixty days if the application is rejected after carrying out the procedure mentioned above, the reply is deemed to be insufficient or the requests are not responded in a timely manner. However, the complaint cannot be filed without exhausting this application process.
The Board may conduct the necessary inspections within its field of duty upon receiving a complaint or ex officio upon detecting a breach. The complaint shall be examined by the Board and answers shall be provided to those concerned. If no replies are given within sixty days as of the date of the complaint, the request shall be deemed to be rejected. If, as a result of inspections upon receiving a complaint or ex officio investigation, a breach is detected, the Board shall rule the identified contraventions of law to be eliminated by the data controller, and shall notify those concerned accordingly. This decision shall be fulfilled without delay but no later than within thirty days as of the notification of the decision. The Board is authorized to halt data processing or international transfer of data if damages that are hard or impossible to compensate occur and if there is an explicit infringement of the law.
We would like to emphasize that your data is meticulously protected by the Company and thank you for the trust that you place in us.