SACİT ZORLU METAL SAN. TİC. AŞ.
INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA
This Information Notice has been prepared by SACİT ZORLU METAL SAN. TİC. AŞ. and its representatives in order to inform the Company’s customers, within the scope of Law No. 6698 on the Protection of Personal Data (“Law”), about the processing of their personal data by the Company.
You may access detailed information regarding the processing of your personal data within the scope of this Information Notice from the Personal Data Protection and Processing Policy available at alutem.com.tr.
a) Methods of Obtaining Personal Data and Legal Grounds
Your personal data are collected in electronic or physical environments. Your personal data collected on the legal grounds specified in this information notice may be processed and shared within the framework of the personal data processing conditions set forth in Articles 5 and 6 of the Law.
b) Purposes of Processing Personal Data
Within the framework of the personal data processing conditions set forth in Articles 5 and 6 of the relevant law, your personal data are processed for the purposes of planning and executing the activities necessary to customize and recommend/promote the products and services offered by the Company in line with the preferences, usage habits and needs of the relevant persons; carrying out the necessary works by the business units to enable the relevant persons to benefit from the products and services offered by the Company and conducting the relevant business processes; carrying out the necessary works by the relevant business units for the realization of the commercial activities conducted by the Company and conducting the related business processes; and ensuring the legal, technical and commercial/occupational safety of the relevant persons who have a business relationship with the Company in relation to the execution of the Company’s commercial activities.
c) Parties with Whom Personal Data May Be Shared and Purposes of Sharing
Within the framework of the personal data processing conditions and purposes set forth in Articles 8 and 9 of the Law, your personal data may be shared, for the purposes of planning and executing the activities necessary to customize and recommend/promote the products and services offered by the Company in line with the preferences, usage habits and needs of the relevant persons; carrying out the necessary works by the business units to enable the relevant persons to benefit from the products and services offered by the Company and conducting the relevant business processes; carrying out the necessary works by the relevant business units for the realization of the commercial activities conducted by the Company and conducting the related business processes; planning and executing the Company’s commercial and/or business strategies; and ensuring the legal, technical and commercial/occupational safety of the Company and the relevant persons who have a business relationship with the Company, with the Company’s business partners and suppliers, as well as with legally authorized public institutions and organizations and legally authorized private legal entities.
d) Rights of Data Subjects and Exercising These Rights
If you, as a personal data owner/data subject, submit your requests regarding your rights listed below to the Company through the methods specified under the heading “Exercising Rights by Data Subjects,” your requests will be evaluated and finalized by SACİT ZORLU METAL SAN. TİC. AŞ. as soon as possible and in any case within 30 (thirty) days.
Rights of the Data Subject under Article 11 of the Law
Pursuant to Article 11 of the Law, the data subject has the right to:
• learn whether their personal data are processed;
• request information if their personal data have been processed;
• learn the purpose of processing and whether the data are used in accordance with such purpose;
• know the third parties to whom personal data are transferred domestically or abroad;
• request correction of personal data if they are incomplete or inaccurate and request notification of such correction to third parties to whom the data have been transferred;
• request deletion or destruction of personal data where the reasons requiring processing cease to exist, even though the data have been processed in accordance with the Law and other relevant legislation, and request notification of such deletion/destruction to third parties to whom the data have been transferred;
• object to a result against the data subject arising from the analysis of processed data exclusively through automated systems;
• request compensation for damages in the event of unlawful processing of personal data.
Cases Where the Right to Request Cannot Be Exercised (Article 28/2)
Article 28(2) of the Law lists cases where the data subject does not have the right to request; accordingly, the above rights cannot be exercised where:
• processing of personal data is necessary for the prevention of crime or for a criminal investigation;
• personal data have been made public by the data subject;
• processing is necessary for the performance of supervisory or regulatory duties, and for disciplinary investigation or prosecution, by authorized public institutions/organizations or professional organizations with the status of public institutions, based on the authority granted by law;
• processing is necessary for the protection of the State’s economic and financial interests with respect to budgetary, tax and financial matters.
Cases Outside the Scope of the Law (Article 28/1)
Pursuant to Article 28(1) of the Law, personal data will be outside the scope of the Law in the following cases, and data subject requests will not be processed with respect to such data:
• processing of personal data by real persons solely within the scope of activities relating to themselves or family members living in the same household, provided that the data are not disclosed to third parties and data security obligations are complied with;
• processing of personal data for purposes such as research, planning and statistics by anonymizing them for official statistics;
• processing of personal data for artistic, historical, literary or scientific purposes, or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy or personal rights, and does not constitute a crime;
• processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security;
• processing of personal data by judicial authorities or enforcement offices in relation to investigation, prosecution, trial or execution proceedings.
Exercising Rights by Data Subjects
Data subjects may use the “Application Form Regarding Applications to Be Made by the Data Subject to the Data Controller” available at sz.com.tr (via the relevant link) to exercise the above rights. Applications shall be made, together with documents verifying the data subject’s identity, by one of the following methods:
• delivering the completed form with a wet-ink signed copy by hand, via a notary public, or by registered mail with return receipt to: Köşklüçeşme Mah. Yeni Bağdat Cad. No: 130 – Gebze – KOCAELİ;
• signing the form with a secure electronic signature within the scope of the Electronic Signature Law No. 5070 and sending it via registered electronic mail (KEP) to sacitzorlumetal@hs02.kep.tr;
• following another method prescribed by the Personal Data Protection Board.
The Company responds to data subjects who wish to exercise these rights within the maximum period stipulated under the Law and within the limits set forth therein. For third parties to apply on behalf of a data subject, a special power of attorney issued through a notary public in the name of the applicant is required.
While data subject applications are processed free of charge as a rule, a fee may be charged in accordance with the tariff determined by the Personal Data Protection Board.
The Company may request additional information from the applicant to verify whether they are the data subject, and may ask questions to clarify the matters stated in the application.