Yüksel Kiremit

Personal Data Protection Law

YÜKSEL TOPRAK GIDA LIVESTOCK TURİZM MAK. SINGING. VE TİC. Inc. PROCESSING AND PROTECTION OF PERSONAL DATA POLICY

INTRODUCTION

In accordance with the Law No. 6698 on the Protection of Personal Data (“Law”); This is YÜKSEL TOPRAK GIDA HAYVANCILIK TURİZM MAK. SINGING. VE TİC. Inc. (will be referred to as the “COMPANY”) Personal Data Processing and Protection Policy (“Policy”) regulates the procedures and principles that must be followed by the (“COMPANY”) in fulfilling its obligations regarding the protection and processing of personal data.

1-PURPOSE and SCOPE

It is aimed to maintain the principle of conducting “YÜKSEL KİREMİT” activities in a transparent manner. In this context, the basic principles adopted in terms of the compliance of the COMPANY's data processing activities with the regulations in the Law on the Protection of Personal Data No. 6698 (“KVK Law”) are determined and the practices implemented by “YÜKSEL KİREMİT” are explained. The policy determines the processing conditions of personal data and sets out the main principles adopted by (YÜKSEL KİREMİT) in the processing of personal data. In this framework, the Policy is for real persons whose personal data are processed, where all personal data processing activities within the scope of the Law are carried out automatically or non-automatically provided that they are part of any data recording system of the company. “YÜKSEL KİREMİT” reserves the right to make changes in the “Policy” in parallel with the legal regulations.

1.1 Definations

Company	YÜKSEL TOPRAK GIDA HAYVANCILIK TURİZM MAK. SAN. VE TİC. A.Ş.
Personal Data/Data	Any information relating to an identified or identifiable natural person.
Special Qualified Personal Data	Data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
Processing of Personal Data	Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making Personal Data fully or partially automatic or non-automatic, provided that it is a part of any data recording system,It is all kinds of operations performed on data such as classification or prevention of use.
Third Parties and persons whose personal data are processed by the "COMPANY".	"YÜKSEL KİREMİT" is the third party real persons who are related to the above-mentioned parties in order to ensure the security of commercial transactions or to protect the rights of the aforementioned persons and to obtain benefits. Joint debtor (Guarantor, Promissory Note Debtor) Companion, Family Members and their relatives can be given as examples to these people.
Personal Data Owner/Relevant Person	“COMPANY” means its Stakeholders and Employees, Business Partners, Authorities, Job Applicants, Visitors, and Group Customers, Potential Customers, Third Parties and persons whose personal data is processed.
Data Recording System	It refers to the recording system in which personal data is processed and structured according to certain criteria.
Data Controller	It is the natural or legal person who determines the purposes and methods of processing personal data and is responsible for the establishment and management of the data recording system.
Data Processor	It is the natural and legal person who processes personal data on behalf of the data controller based on the authority given by the data controller.
Open Consent	It is the consent of a particular subject, based on information and expressed with free will.
Anonymization	It is to make the data previously associated with a person incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching them with other data.
Law	Refers to the Law on Protection of Personal Data No. 6698.
KVK Board	It is the Personal Data Protection Board.

1.2. Enforcement and Change

The policy was published on the website by the “COMPANY” and presented to the public. In case of conflict with the legislation in force, especially the Law, and the regulations included in this Policy, the provisions of the legislation shall apply. “COMPANY” reserves the right to make changes in the Policy in line with the legal regulations. The current version of the Policy can be accessed from the website of the "COMPANY"

2. PERSONAL DATA AND DATA OWNERS, DATA PROCESSING PURPOSE AND DATA CATEGORIES

2.1. What Are Your Personal Data?

Personal data means information that identifies or makes it identifiable. The categories of your personal data that can be processed by the "COMPANY" are listed below.

Identity Data: This data category, T.C. Identity Number refers to data types such as name, surname, place and date of birth, marital status, gender, identity document sample.
Family Members and their Relatives: Information about family members and relatives of the personal data owner
Communication Data: It is the data group that can be used to reach the person (Phone, postal address, e-mail, fax number, IP address, )
Special Quality Personal Data: This data category refers to data types such as (a) health data received from personnel within the scope of personal and occupational safety, k (b) health data of customers (c) biometric data of employees, (d) criminal record. .
Visual Data: It refers to the photograph taken at the entrance of the personnel or the image of the persons in the camera recordings made for security purposes in the physical environments of the “COMPANY”.
Personnel Data: Within the scope of the personnel file, which must be legally created within the framework of the employment contract established with the personnel, besides the personnel's identity, contact information, profession, education, financial data, body size for workplace clothes, etc. The data type that contains the information.
Contract Data: It refers to all data such as signature, signature circular, real person information that the "COMPANY" has entered into the database as a result of the contractual bond established by the "COMPANY" with its customers, business partners, suppliers and external sources with which it has legal or commercial relations.
Location Data: It refers to all the location data of the employees that the “COMPANY” processes for internal audit purposes.
Performance Data: It is all the data processed for the personnel within the “COMPANY” for the purpose of increasing internal audit and operability, and for the performance audit of the business partners outside the “COMPANY”.
Employee and Employee Candidate Information: Personal data processed regarding individuals who have applied to be an employee of the “COMPANY” or who have been evaluated as an employee candidate in line with the human resources needs of the "COMPANY" in accordance with the rules of commercial practice and honesty, or who have a working relationship with the "COMPANY".
Physical Space Security Information: Personal data related to records and documents such as camera recordings taken at the entrance to the physical space and during the stay in the physical space.
Visual Data: Visual records associated with the personal data owner, which are clearly belonging to an identified or identifiable natural person and included in the data recording system.
Visual Data: Visual records associated with the personal data owner, which are clearly belonging to an identified or identifiable natural person and included in the data recording system.
Risk Management Information: It is the personal data that is clearly belonging to an identified or identifiable natural person and is included in the data recording system and processed in order to manage the commercial, technical and administrative risks of the “COMPANY”.
Financial Information: Personal data processed for information, documents and records showing all kinds of financial results created according to the type of legal relationship established by the “COMPANY” with the personal data owner.
Request and Complaint Data: Personal data regarding the receipt and evaluation of any request or complaint directed to the “COMPANY”.

2.2. Data Subject Categories

Data subjects within the scope of the policy are all natural persons whose personal data are being processed by the COMPANY. In this context, the categories of data subjects are as follows:

DATA OWNER CATEGORIES	EXPLANATION
Working	"COMPANY" refers to real persons who perform services with an employment contract.
Intern	“Real persons working as interns in the COMPANY
Employee Candidate	It refers to real persons who apply for a job by sending a CV to the "COMPANY" or by other methods.
Third Parties	It refers to real persons excluding the categories mentioned above and the employees of the “COMPANY”.
Business Partners/Shareholders/ Supplier companies and their employees	Parties with which the "COMPANY" has established business partnerships for purposes such as the execution of its commercial activities or, in this context, who provide goods or services to the "COMPANY" in accordance with the instructions of the "COMPANY" and on a contractual basis, and the employees of these parties
Visitor	It refers to the real persons who visit the campus and website of the "COMPANY".
Customer	It refers to the real persons who benefit from the products and services offered by the Company.
Potential Customer	It refers to real persons who show interest in using the products and services offered by the Company and have the potential to become customers.

Data subject categories are specified for general information sharing purposes. The fact that the data owner does not fall under any of these categories does not remove the data owner's qualification as specified in the Law.

2.3. Personal Data Processing Purposes

For Employee Candidates;

Execution of Employee Satisfaction and Loyalty Processes,
Fulfillment of Employment and Legislation Obligations for Employees,
Conducting Audit / Ethical Activities,
Conducting Educational Activities,
Execution of Access Authorizations,
Execution of Activities in Compliance with the Legislation,
Execution of Finance and Accounting Affairs,
Planning of Human Resources Processes,
Execution / Supervision of Business Activities,
Execution of Occupational Health / Safety Activities,
Providing Information to Authorized Persons and Organizations,
Execution of Management Activities,
Ensuring Business Continuity Activities and Providing Physical Space Security,
Execution of Information Security Processes,
Execution of Benefits and Benefits Processes for Employees,
Execution of Finance and Accounting Affairs,
Planning of Human Resources Processes,
Execution / Supervision of Business Activities,
Execution of Occupational Health / Safety Activities,
Providing Information to Business Authorized Persons, Companies and Organizations,
Execution of Management Activities,
Ensuring Business Continuity Activities and Providing Physical Space Security,
Execution of Information Security Processes,
To make necessary legal notifications to official institutions, To benefit from incentives before official institutions, To notify relevant authorities within the scope of official institution inspections,
Execution of human resources operations and especially personnel activities,,
To ensure employee supervision and to carry out necessary data processing activities within the scope of the employers right to management,

For Relevant Persons Applying for a Job;

Execution of the Selection and Placement Processes of the applicants with the Job Application Form
Execution of Job Application Processes
Execution of human resources operations and especially recruitment processes,
Conducting Business Continuity Ensuring Activities
Providing Physical Space Security
Execution of Recruitment Policies and Employment and Contract processes within the scope of human resources operations management
Execution of Information Security Processes
Carrying out Internal Audit / Investigation / Intelligence Activities
Execution of Activities in Compliance with the Legislation
Providing Information to Authorized Persons, Institutions and Organizations
Execution of Emergency Management Processes
Execution of Communication Activities
Conducting Business Continuity Ensuring Activities,
Carrying out activities with legal, technical and administrative consequences,

For Interns/Students;

Follow-up of Requests/Complaints,
Execution of Information Security Processes,
Carrying out Internal Audit / Investigation / Intelligence Activities,
Execution of Activities in Compliance with the Legislation,
Providing Information to Authorized Persons, Institutions and Organizations,
Execution of Emergency Management Processes,
Execution of Communication Activities,
Conducting Business Continuity Ensuring Activities,,
Carrying out activities with legal, technical and administrative consequences,,
Regulation and Follow-up of Labor Relations,,
Providing Physical Space Security,
Organization and Event Management,
Execution of contract processes,
Conducting Business Continuity Ensuring Activities,,
Receiving and Evaluating Suggestions for Improvement of Business Processes,
Ensuring the Security of Movable Property and Resources,
Ensuring the Security of Data Controller Operations,
Execution of Occupational Health and Safety Activities,,
Making Wage Payments,

With Shareholders/Business Partners/Suppliers

Within the scope of the commercial relationship between you and the "COMPANY", the personal data of your company officials and employees, as specified in Article 5 of the Law; The establishment and performance of our contracts can be processed within the scope of the following purposes, in accordance with the basic principles stipulated in the Law, within the scope of the fulfillment of legal obligations and the legitimate interests of the "COMPANY" and within the scope of personal data processing conditions.

Execution of supply chain management processes,
Software, enterprise resource planning, reporting, marketing etc. performing functions such as
Execution of investment and marketing processes of products/services,
Determining risk limits and performing collateralization studies,
To be able to carry out the necessary quality, confidentiality and standard audits,
Fulfillment of the requirements determined by laws and regulations (tax legislation, legislation for the protection of consumers, legislation on the law of obligations, legislation on commercial law, customs legislation, legislation on electronic communication, etc. all relevant legislation)
Fulfillment of obligations related to e-invoice, e-archive and e-dispatch,
Fulfilling the demands of public institutions and organizations as required or mandated by legal regulations,
Fulfillment of legal obligations specified in KVKK.
Ensuring the Security of Data Controller Operations
Ensuring the Security of Movable Property and Resources
Follow-up of Requests / Complaints
Execution of Storage and Archive Activities
Execution of Advertising / Campaign / Promotion Processes
Execution of Performance Evaluation Processes
Execution of Marketing Analysis Studies
Organization and Event Management
Execution of Activities for Customer Satisfaction
Execution of Customer Relationship Management Processes
Execution of Goods / Services Sales Processes
Execution of Good / Service Production and Operation Processes
Authentication and registration creation,
Business partnership negotiations and signing of contracts
For the purpose of fulfilling the business partnership agreement processes and informing,
Execution of Strategic Planning Activities Execution of Risk Management Processes
Execution of Goods / Services Procurement Processes
xecution of Logistics Activities
Execution of Communication Activities
Carrying out Internal Audit / Investigation / Intelligence Activities
Execution of Company / Product / Service Loyalty Processes
Providing Physical Space Security, Execution of Goods / Services After Sales Support Services
Execution of Information Security Processes

For Customers;

Execution of Customer Relationship Management Processes
Providing Physical Space Security
To carry out transactions and activities within the scope of commercial / contractual relationship and to fulfill financial and legal obligations
Promotion and marketing of products and services, contacting you regarding them,
Follow-up of Requests / Complaints
Fulfillment of warranty obligations within the scope of manufacturer's responsibility
For the purpose of ensuring and auditing the quality, information security and privacy policies and standards of the "COMPANY".
Recording and tracking of information regarding payments,
In order to prepare reports and analyzes to be made to the senior management,
Execution of Activities for Customer Satisfaction
Execution of Customer Relationship Management Processes
Execution of Good / Service Production and Operation Processes
Execution of Goods / Services Sales Processes
Execution of Goods / Services After Sales Support Services
Execution of Goods / Services Procurement Processes
Execution of Logistics Activities
Carrying out Internal Audit / Investigation / Intelligence Activities
Providing Physical Space Security
Execution of Information Security Processe
In order to fulfill the requirements determined by laws and regulations (Tax Legislation, Social Security Legislation, Law of Obligations Legislation, Commercial Law Legislation, Consumer Protection Law, Electronic Communications related legislation etc. all relevant legislation).
Execution of Goods / Services Sales Processes
In order to fulfill the demands of public institutions and organizations as required or mandated by legal regulations,
Fulfillment of legal obligations specified in the law.

For Potential Customers;

Your identity and contact information obtained directly from you through your visits to the "COMPANY" campuses, your requests for orders and price offers to our center, your complaints, and the business cards you share at the fairgrounds and events (the data on the business card is considered public); It is processed in accordance with Article 5/2 of the Law for the creation of offers for the requested products, the establishment of the contract, and the management of your requests and complaints; If you are not a trader or a tradesman, it is processed based on your permission, in accordance with the marketing purpose, within the framework of the aim of being aware of the products and services of the "COMPANY" and offering you a number of special products.

For Visitors;

Within the scope of your visits to the "COMPANY", our website and other workplaces, your identity and visual data are processed in physical environments with security cameras and visitor logbooks, in order to ensure the security of the "COMPANY" and you, as well as to fulfill our legal obligations and to comply with our legitimate interests.

Execution of Audit / Ethical Activities
Execution of Information Security Processes
Creation and Tracking of Visitor Records
Providing Physical Space Security
Providing Information to Authorized Persons, Companies and Organizations
Ensuring the Security of Data Controller Operations

3. PROCEDURES AND PRINCIPLES TO BE FOLLOWED IN THE PROCESSING OF DATA

3.1. Principles Regarding the Processing of Personal Data

Your personal data is processed by the "COMPANY" in accordance with the personal data processing principles set forth in Article 4 of the Law. It attaches importance to processing your personal data in accordance with the law and the rules of honesty, for data processing purposes only. In order to ensure that personal data is correct and up-to-date, data owners are given the right to request correction or deletion of their correct and outdated data.

The “COMPANY” makes the necessary assessments for the processing of personal data for specific, clear and legitimate purposes for each category of personal data subject. Personal data is deleted, destroyed or anonymized by the "COMPANY" in order to ensure that personal data is kept for as long as required by the legislation or the processing purposes, after the purpose of processing personal data disappears or when the period stipulated in the legislation expires.

3.2. Conditions Regarding the Processing of Personal Data

According to the "COMPANY", Article 5, Paragraph 2 and Article 8, Paragraph 2 of the KVKK, without the express consent of the personal data owner;

Provided that it is directly related to the establishment of the contract and the performance of the services,
In cases where data processing is mandatory for the establishment, exercise or protection of a right, in cases expressly stipulated in the laws,  In cases of necessity for the “COMPANY” to fulfill its legal obligation,
In cases of necessity for the “COMPANY” to fulfill its legal obligation,
In cases where data processing is mandatory for the legitimate interests of the “COMPANY”, provided that it does not harm the fundamental rights and freedoms of the other party (visitor, employee, employee candidate, visitor, business partner),
If it is necessary for the protection of life or physical integrity of the person or someone else, who is unable to express his or her consent due to actual impossibility or does not give legal validity to his consent,
If the other party has made it public by himself, the personal data requested from him will be given to the "COMPANY" accurately and up-to-date, and this personal data will be processed and transferred by the "COMPANY".

3.3. Conditions Regarding the Processing of Special Categories of Personal Data

In Article 6 of the Law, special categories of personal data are specified in a limited number. These; data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and clothing, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

The “COMPANY” may process your personal data of special nature in the following cases by taking the necessary precautions:

The processing of sensitive personal data other than health and sexual life can only be processed if the data owner gives express consent or if it is expressly stipulated in the law.
 Personal data related to health and sexual life can only be disclosed by persons or authorized companies and organizations, who are under the obligation to keep confidential, for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing. may be processed without consent.

4. METHOD OF COLLECTING YOUR PERSONAL DATA AND LEGAL REASON

Your personal data; It is collected through all kinds of physical, audio and electronic media such as website visits, the establishment and execution of contracts, recruitment processes, your visits to our workplaces, and depending on the nature of the personal data and the purpose of processing, the 2nd paragraph of Article 5 of the Law and the following reasons for compliance with the law. (explained above), if there is no such reason, it will be collected based on your express consent. Your personal data may be collected, processed and transferred for the purposes specified in this Policy, based on the legal reasons listed below, by fully automatic, partially automatic or non-automatic methods.

It is stipulated in the local or foreign legislation to which the “COMPANY” is subject,
Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract, to be able to offer the requested products and services or to fulfill the requirements of the contracts you have concluded,
Data processing is mandatory for the “COMPANY” to fulfill its legal obligations,
It has been made public by you,
Data processing is mandatory for the establishment, exercise or protection of a right as per the legislation or internal practice of the “COMPANY”,
Data processing is mandatory for the legitimate interests of the COMPANY, provided that it does not harm your fundamental rights and freedoms.

5. TRANSFER OF PERSONAL DATA

In accordance with the additional regulations listed in Articles 8 and 9 of the KVK Law and determined by the Personal Data Protection Board; In case of conditions for the transfer of personal data, it can transfer personal data at home or abroad.

Transfer of personal data to third parties in the country, in the presence of at least one of the data processing conditions described in Articles 5 and 6 of the Law and explained under Title 3 of this Policy, and provided that it complies with the basic principles of data processing conditions, your personal data will be transferred to the "COMPANY". It can be transferred by

The transfer of personal data to third parties abroad, in cases where there is no explicit consent of the person, in the presence of at least one of the data processing conditions stated in Articles 5 and 6 of the Law and explained under Title 3 of this Policy, and in accordance with the basic principles regarding data processing conditions. Personal data can be transferred abroad provided that it is complied with. As of today's conditions, our COMPANY does not transfer abroad.

In accordance with the general principles of the Law and the data processing conditions in Articles 8 and 9, the "COMPANY" can transfer data to the following Real and Legal Persons.

Providing and promoting products and services limited to the purchase of outsourced services (Software, enterprise resource planning, reporting, marketing, etc.), Software, enterprise resource planning, reporting, marketing, etc. With our other business partners, supplier companies, with whom we cooperate and/or receive services for the purpose of performing functions such as, benefiting from promotions and campaigns, and similar purposes,
With audit firms, independent audit firms, customs firms, financial advisor/accounting firms, law offices, provided that they are legally authorized to obtain information and documents from the “COMPANY” and are limited to the purpose,
With companies that process data on behalf of our company (providing IT support, providing traffic/customer satisfaction measurement, profiling and segmentation support, providing support in the fields of sales and marketing, especially in areas where personal data needs to be processed, especially sms, mailing, archiving),
With service providers in order to process your orders, manage your account, carry out commercial activities and ensure their continuity,
With banks and payment instrument systems companies for payment services, risk limit determination, collateralization, debt restructuring purposes,
With audit firms and information security firms in order to carry out the necessary quality, confidentiality and standard audits,
With public institutions and organizations in order to fulfill legal requirements and / or to fulfill the demands of official authorities.

6. DISCLOSURE AND RIGHTS OF DATA OWNERS

As a personal data owner, we declare that you have the following rights in accordance with Article 11 of the Law:

1- Learning whether your personal data is processed,
2- If your personal data has been processed, requesting information about it,
3- Learning the purpose of processing your personal data and whether they are used in accordance with its purpose,
4- Knowing the third parties to whom your personal data is transferred in the country,
5- Requesting the correction of your personal data in case of incomplete or incorrect processing and requesting the notification of the transaction made within this scope to the third parties to whom your personal data has been transferred,
6- Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing cease to exist, despite the fact that it has been processed in accordance with the Law and other relevant provisions of law, and requesting the notification of the transaction made within this scope to the third parties to whom your personal data has been transferred
7- Objecting to this if a result arises against you by analyzing the processed data exclusively through automated systems,
8- Requesting the compensation of the damage in case you suffer damage due to unlawful processing of your personal data.

7. ENSURING THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

In order to prevent the unlawful disclosure, access, transfer of personal data or security deficiencies that may occur in other ways, the "COMPANY" takes all necessary measures, within the possibilities, according to the nature of the data to be protected. In this context, all necessary administrative and technical measures are taken by the "COMPANY", an audit system is established within the "COMPANY" and in case of unlawful disclosure of personal data, it acts in accordance with the measures stipulated in the Personal Data Protection Law.

8. DISPOSAL OF PERSONAL DATA

A DISPOSAL POLICY, which determines the methods of disposal of personal data, has been prepared and published on the website of the "COMPANY" (www.yukselkiremit.com). All disposal processes are carried out in accordance with this policy. Although it has been processed in accordance with the law in accordance with Article 7 of the Law, in the event that the reasons requiring its processing disappear, the "COMPANY", ex officio or upon the request of the Relevant Person, may comply with the Data protection and destruction policy, legislation and "COMPANY" that it has specially prepared for this business. destroys in accordance with the guide published by ”.

9. ISSUES REGARDING THE PROTECTION OF PERSONAL DATA

"COMPANY"; In accordance with Article 12 of the KVK Law, to prevent the unlawful processing of the personal data it is processing and to prevent the data from being accessed illegally.It takes the necessary technical and administrative measures to ensure the appropriate level of security in order to ensure the protection of data and data, and within this scope, it makes or has the necessary inspections made. The “COMPANY” takes technical and administrative measures according to technological possibilities and implementation costs in order to ensure that personal data is processed in accordance with the law.

9.1.Technical Measures

The administrative measures taken by the COMPANY for the legal processing of personal data are listed below.

It is used by the "COMPANY" as an internal data storage area, and the systems containing personal data are regularly backed up and reported.
File sharing containing personal data to real and/or legal persons other than the "COMPANY" is protected. Personal data transferred in portable memory, CD and DVD media are encrypted and transferred.
The security of environments containing personal data is ensured by the "COMPANY", necessary security measures are taken regarding entry and exit to physical environments, and the security of physical environments against external risks (fire, flood, etc.) is ensured.
“COMPANY” Employees cannot access the system with their personal devices.
An authorization matrix has been created for the “COMPANY” Employees, which employee can access which information and limits of authority are determined. The authorizations of employees who have a change in duty or quit their job in this field are removed.
The software running on the devices in the "COMPANY" is up-to-date and licensed.
The anti virus software / hardware is up to date on the devices in the "COMPANY".
In the "COMPANY", we do not have a department within the scope of supply, development and maintenance of Information Technologies systems, outsourcing services are outsourced.
There is network security and application security software in the system in the "COMPANY" and access to the network is controlled with SIEM / NAC solutions.
Access log records are kept regularly on the "COMPANY" side, and log records are kept without user intervention.
Systems with “COMPANY” have a firewall.
External user / guest etc. to the system in "COMPANY". When people log in, they cannot access the information source.
Active directory or user account management and authorization control system is used by the “COMPANY”.
The files/programs containing personal data are encrypted by the "COMPANY".
The "COMPANY" does not have the opportunity to access the system in which personal data is stored by VPN.

9.2. Administrative Measures

The main administrative measures taken by “YÜKSEL KİREMİT” for the legal processing of personal data are as follows:

Employees of the “COMPANY” are informed and trained on the law of protection of personal data and the processing of personal data in accordance with the law.
All personal data processing activities carried out by the "COMPANY"; It is carried out in accordance with the personal data inventory and its annexes, created by analyzing all business units in detail.
Personal data processing activities carried out by the relevant departments within the "COMPANY"; The obligations to be fulfilled in order to ensure that these activities comply with the personal data processing requirements sought by the KVKK, are bound to the written policies and procedures by the "COMPANY", each business unit has been informed about this issue and the points to be considered specific to the activity it carries out have been determined. In addition, protocols and procedures for special quality personal data security have been determined and implemented.
The supervision and management of the departments within the "COMPANY" regarding personal data security is organized by the Personal Data Protection Committee. Awareness is created in order to meet the legal requirements determined on the basis of the business unit, and the necessary administrative measures are implemented through in-house policies, procedures and trainings to ensure the continuity of the implementation and supervision of these issues. In-house periodic and/or random audits are conducted and made.
The service contracts and related documents between the "COMPANY" and the employees are recorded including information and data security regarding personal data, and additional protocols are made. Studies have been carried out to create the necessary awareness for employees in this regard. The authorizations of employees who have a change in duty or quit their job in this field are removed.
Personal data security problems are quickly reported by the "COMPANY" and personal data security is monitored.
“COMPANY” Necessary security measures are taken regarding entry and exit to physical environments containing personal data, the security of environments containing personal data is ensured, and the security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.
Personal data processed by the "COMPANY" are reduced as much as possible.
Confidentiality commitments are made by the "COMPANY".
Personal data security is monitored by the "COMPANY", periodic and/or random audits are carried out and made.

10. CONTACT

You can send your applications regarding your rights listed above by filling out the Related Person Application Form, which you can access on our website with the extension (www.yukselkiremit.com) or by another written document with the same content, to the address of our "COMPANY" stated below. You can send all your requests in writing to the postal addresses specified below. In case the data owners (relevant persons) submit their requests regarding their personal data to “YÜKSEL KİREMİT” in writing, the “COMPANY” as the data controller, in accordance with Article 13 of the KVK Law, according to the nature of the request. carries out the necessary processes to ensure that it is finalized in a short time and within thirty (30) days at the latest. Within the scope of ensuring data security, the "COMPANY" may request information in order to determine whether the applicant is the owner of the personal data subject to the application. The “COMPANY” may also ask questions about the application of the Related Person in order to ensure that the application of the Related Person is concluded in accordance with the request. In cases where there is a possibility of impeding the rights and freedoms of other persons, requiring disproportionate effort, and the information is publicly available, the request may be rejected by the "COMPANY" by explaining the reason.

YÜKSEL TOPRAK GIDA HAYVANCILIK TURİZM MAK. SAN. VE TİC. A.Ş.

Address: Ak Kent Mah. Çevre Yolu Bulvarı No: 192 / MERKEZ ÇORUM

Telephone: +90.364 225 01 38 – 39

Gsm: 0533 772 35 27

E-Mail: info@yukselkiremit.com

Web Address: www.yukselkiremit.com

Personal Data Protection Law

Let's communicate