DEMİR GRUP YAPI İNŞAAT SANAYİ VE TİCARET ANONİM ŞİRKETİ - CONTACT
FORM DISCLOSURE TEXT

In this Clarification Text, the principles regarding the processing of your personal data by Demir Grup Yapı İnşaat Sanayi ve Ticaret Anonim Şirketi (“Company”), the data controller, located at the address “Büyükdere Cad No 74 D Torun Center Office Kule K:11 N:45 Şişli/İstanbul”, in accordance with the Law No. 6698 on the Protection of Personal Data (“Law”) and the relevant legislation are set out below.

1. Purpose of Processing Personal Data

Your personal data in the identity and contact category are processed for the purposes of providing information, receiving your wishes and suggestions and collecting complaints, and performing customer service activities. Again, apart from the above-mentioned, your personal data may be processed provided that your fundamental rights and freedoms are not harmed in order for you to benefit from our services offered by our Company without any problems, to improve our product and service diversity, to prepare and present various reports, analyzes and studies.

2. Method and Legal Grounds for Collection of Personal Data

Your personal data collected so that you can benefit from the service we offer with the customer service section through the Contact Form area on our website is collected through the digital form you have filled out. In accordance with the Law, this type of personal data is processed with the permission of the person concerned as a result of the request for assistance. Your personal data is processed for the legal reason that data processing is mandatory for the legitimate interests of the Company, provided that it does not harm your fundamental rights and freedoms.

3. Places of Transfer of Processed Personal Data and Purpose of Transfer

The purpose of processing personal data and the purpose of data transfer are parallel. Our Company may transfer the personal data it collects with the institutions and organizations it cooperates with in order to carry out its activities, with the official authorities and public authorities upon request and with the relevant business partners within the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law.

4. Ways to Apply to the Data Controller and Your Rights

Pursuant to Article 11 of the Law, by applying to our Company, you have the following rights; a) to learn whether it has been processed, b) to request information if it has been processed, c) to learn the purpose of processing and whether it is used in accordance with its purpose, d) to learn the parties to whom it is transferred domestically / abroad, e) to request correction if it is incomplete / incorrectly processed, f) to request deletion/destruction within the framework of the conditions stipulated in Article 7 of the Law, g) to request notification of the transactions made in accordance with subparagraphs (e) and (f) above to the third parties to whom it is transferred, h) to object to the occurrence of a result against you due to the analysis  exclusively by automated systems, and i) to demand the compensation of the damage in case you suffer damage due to unlawful processing.

You may submit your information and application requests regarding your rights stated above to our Company in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller. You can send your applications to “Büyükdere Cad No 74 D Torun Center Office Kule K:11 N:45 Şişli İstanbul” by filling out the Application Form on our website and you can also forward it to us by sending it to the e-mail address “[info@demirinsaat.com.tr]”.

Our Company finalizes your requests as soon as possible and within thirty days at the latest, depending on the nature of the request, with the first request free of charge. However, a fee may be charged for subsequent requests on the same subject or if the first request requires an additional cost. Our Company may accept and process the request or reject the request in writing by explaining its reasoning.

In cases where the application made by following the above-mentioned procedure is rejected, the response is found insufficient or the application is not responded in due time; there is the right to file a complaint to the Personal Data Protection Board (“Board”) within thirty days following the notification of the response and in any case within sixty days from the date of application. However, a complaint cannot be filed before exhausting the remedy.

The Board, upon a complaint or ex officio upon learning of an alleged violation, shall conduct the necessary investigation on matters within its jurisdiction. Upon a complaint, the Board shall examine the request and give a response to those concerned. If no response is given within sixty days from the date of the complaint, the request shall be deemed rejected. If it is understood that there is a violation as a result of the examination made upon complaint or ex officio, the Board decides that the unlawfulness detected by the Board shall be eliminated by the data controller and notifies the relevant parties. This decision shall be fulfilled without delay and within thirty days at the latest following the notification. The Board may decide to suspend data processing or transfer of data abroad in the event of irreparable or impossible damages and in the event of a clear violation of the law.

We state that your data is sensitively protected by our Company and thank you for your trust in us.

DEMİR GRUP YAPI İNŞAAT SANAYİ VE TİCARET ANONİM ŞİRKETİ

PRIVACY NOTICE

In accordance with the Personal Data Protection Law No. 6698 (“PDPL”) and the Regulation 2016/679 of the European Parliament and Council of 27 April 2016 (European Data Protection Regulation or “GDPR”) and other applicable legislation, your personal data can be processed by data controller Demir Grup Yapı İnşaat Sanayi ve Ticaret Anonim Şirketi (“Company”) based in “Büyükdere Cad. No.74 D Torun Center Office Kule K:11 N:45 Şişli/İstanbul” in the scope of the details explained in this text.

Purpose of Processing Personal Data

Your personal data obtained as you visit our website may be processed by the Company for the purposes listed below and in complaint with PDPL and GDPR:

• In case of requests by the data subject through communication channels, in order to obtain information, to evaluate requests/suggestions and to make a complaint,
• Planning and executing the activities required for recommending and promoting the services offered by the Company by customizing them according to the data subject, usage habits and needs,
• Determining the number and profile of e-volunteers in line with the activities carried out within the Company, developing and diversifying the activities,
• Planning and execution of the Company’s management strategies,
• Carrying out the necessary work by our relevant business units for the realization of the commercial activities carried out by the Company and carrying out the related business processes, planning and execution of the Company's business strategies,
• Ensuring that information is received, wishes/suggestions are evaluated and complaints can be made if a request is made by the relevant person through the communication portal,
• Ensuring the legal, technical and commercial-business security of the Company and related persons who are in business relations with the Company.

Method and Legal Basis for Collecting Your Personal Data

Your personal data is collected by the Company in written and electronic media as part of the data recording system, by means of cookies, which are technical communication files, due to your visit to our website, and by fully or partially automatic methods for the purposes specified in this Privacy Notice. For detailed information about cookies, please review the Cookie Notice. Your personal data collected other than cookies are collected in non- automatic ways by filling in the forms on the website.

Your personal data is processed in accordance with the following legal reasons:

• "compliance with a legal obligation" regulated in Article 5/2(a) and (ç) of PDPL and Article 6/1(c) of the GDPR,
• the "legitimate interest of the data controller" regulated in Article 5/2 (f) of the PDPL and Article 6/1(f) of the GDPR,
• "explicit consent" regulated in Article 5/1 of PDPL and Article 6/1(a) of the GDPR,
• Law number 5651 on the Regulation of Broadcasts via Internet and Prevention of Crimes Committed through Such Broadcasts (“Internet Law”), being liable for the storage of traffic information.

Transferred of Personal Data

The purpose of transferring the data is in line with the purpose of processing personal data. Your collected personal data may be transferred to our business partners and suppliers (outsourcing service providers, hosting service providers), corporate affiliates, authorized public institutions, authorized by the law, or a valid legislative provision, court order or regulation and individuals in accordance with data processing conditions and purposes stated under the Law and GDPR. (in particular Article 6(1) and recital 48 of GDPR; and in Article 8 and 9 of PDPL)

Application to the Data Controller and Your Rights

According to the Article 11 of PDPL and Article 12 of GDPR, you also have the following rights:

1. Learn whether your personal data is being processed,
2. If they are, request information,
3. Obtain information on the purpose of processing and find out whether personal data has been used as fit for the purpose,
4. Obtain information about the third persons in Turkey and abroad, to whom personal data are transferred,
5. Request rectification of personal data that may have been incompletely or inaccurately processed,
6. Request the deletion or destruction of personal data,
7. Request notification of the operations made as per indents (e) and (f) to third parties to whom personal data have been transferred,
8. Object to occurrence of any detrimental result by means of analysis of personal data exclusively through automated systems and
9. Request compensation for the damages due to unlawful processing of personal data.

You can send your requests to the Company according to Communique on the Principles and Procedures for the Request to Data Controller. You can also direct your applications to us by submitting it to the address “Büyükdere Cad. No.74 D Torun Center Office Kule K:11 N:45 Şişli/İstanbul” via registered letter or to the info@demirinsaat.com.tr email address.

Our Company fulfills your requests as soon as possible and within thirty days at the latest and once for free of charge. However, the requester may be charged for following requests or for the initial request if the action taken on the request requires additional cost. Our Company can accept and process the request or reject the request in writing by explaining its reason.

You are entitled to file a complaint to the Turkish Board of Personal Data Protection (“Board”) within thirty days as of the notification of the reply and in all cases within sixty days if the application is rejected after carrying out the procedure mentioned above, the reply is deemed to be insufficient or the requests are not responded in a timely manner. However, the complaint cannot be filed without exhausting this application process.

The Board may conduct the necessary inspections within its field of duty upon receiving a complaint or ex officio upon detecting a breach. The complaint shall be examined by the Board and answers shall be provided to those concerned. If no replies are given within sixty days as of the date of the complaint, the request shall be deemed to be rejected. If, as a result of inspections upon receiving a complaint or ex officio investigation, a breach is detected, the Board shall rule the identified contraventions of law to be eliminated by the data controller, and shall notify those concerned accordingly. This decision shall be fulfilled without delay but no later than within thirty days as of the notification of the decision. The Board is authorized to halt data processing or international transfer of data if damages that are hard or impossible to compensate occur and if there is an explicit infringement of the law.

We would like to emphasize that your data is meticulously protected by the Company and thank you for the trust that you place in us.