Policies
kvkk
To aim to reach quality values and customer satisfaction at every stage of our production and to carry out the necessary work in order to meet the demands of our customers at the highest level with our service quality in CNC laser cutting, steel sheet processing, steel construction production, production of steel concrete plants,
To be beneficial to our country with R&D activities and new product design and to provide added value,
To be the leading organisation in our sector that continuously develops and grows steadily with its production and service quality,
To provide quality and excellent service to our customers by adopting prevention-based quality understanding and continuous improvement as a principle,
Within the scope of product and service quality, to make the processes perfect by constantly following innovations and technology, improving our personnel and infrastructure,
In line with our company's vision, our environmental policy in accordance with ISO 14001:2015 standard;
To ensure the protection of the environment by minimising internal and external factors affecting environmental pollution arising from our activities,
To comply with international standards, laws and technical regulations and to use them at every stage, To fulfil compliance obligations,
To recycle and recycle with recycling technology,
Within the scope of the environmental management system, to organise training and awareness raising activities related to the environment, to support such activities,
Continuously improve the environmental management system to increase environmental performanceşand to ensure development,
To adopt and fulfil the requirements of the environmental management system in order to ensure environmental awareness in a systematic and regular manner in all our fields of activity,
We are committed to fulfil the requirements for the environment as our environmental policy.
Our OHS quality policy in line with our company vision;
To comply with international standards, laws and technical regulations within the scope of OHS and to apply them at every stage of our activities,
To follow the developing technology, to improve ourselves in occupational health and safety and to apply it in our company,
To eliminate risks that may threaten occupational health and safety by reviewing working charges and procedures,
To provide all necessary trainings to our employees to achieve our targets within the scope of OHS, to provide a suitable working environment and to support this with technology,
To carry out continuous improvement and development activities by minimising internal and external factors arising from our activities and affecting OHSAs management, we are committed to ensure the continuity of the OHS system.
While continuing our work in accordance with ISO 50001 Energy Management System;
- To comply with national and international legal requirements and other applicable requirements regarding energy use, energy efficiency and energy consumption,
- To continue improvement and development activities with the participation of all employees for more efficient use of our energy resources,
- To continuously monitor our energy consumption factors and to continue development efforts to minimise energy losses,
- To take energy efficiency as a basis in all product and service purchases that affect energy performance
- To realise and prefer designs that improve energy performance
- To improve our production activities and to prefer designs that prioritise energy efficiency, especially in our new investment activities,
- To continuously raise awareness of our employees on energy efficiency and protection of natural resources,
Energy Management System is our policy.
PERSONAL DATA PROTECTION POLICY
Mersan Metal Industry Construction. Foreign Trade. Ltd Şti. Established in 1994 in Ostim Organised Industrial Zone, Mersan Metal has reached an important position in the sheet metal processing sector in a short time. Today, it serves its customers in 3 workshops with a total production area of 1500 m2 in Ostim Organised Industrial Zone and in its factory with a closed production area of 8.000 m2 in Başkent Organised Industrial Zone.
It provides sheet metal cutting services in its workshops located in Ostim Organised Industrial Zone and offers project design, sheet metal cutting, bending, welding, painting and assembly services as a whole in its factory located in Başkent Organised Industrial Zone. Thanks to its advanced technology machine park, it has realised projects of various qualities and capacities of many companies operating in Turkey and abroad. More information about us www.mersanmetal.com.tr You can access it at
PURPOSE
Mersan Metal, as the data controller, undertakes to comply with all legal regulations regarding the protection of personal data and the principles set forth in this policy at all times. This policy explains the principles of processing, legal grounds and purposes of processing, data collection methods, data transfer, storage, anonymisation, deletion, destruction of personal data belonging to natural persons processed by Mersan Metal and the measures taken to ensure data security. The rights of the relevant persons and the methods of exercising these rights are also explained in this policy.
SCOPE
The scope of this policy is the personal data of natural persons processed by Mersan Metal in relation to its commercial activity by fully or partially automated or non-automated means, provided that it is part of any data recording system.
DEFINITIONS
The definitions in Article 3 of the Law No. 6698 on the Protection of Personal Data also apply to this policy
BASIC PRINCIPLES
Mersan Metal processes personal data;
- Complies with the law and the rules of honesty,
- Ensures that personal data is accurate and up-to-date,
- Processes personal data for specific, explicit and legitimate purposes,
- The data are relevant, limited and proportionate to the purpose for which they are processed,
- The data are retained for the period necessary for the purpose for which they are processed.
CONDITIONS OF PROCESSING PERSONAL DATA
Legal regulations allow the processing of personal data without the explicit consent of the data subjects in the presence of one of the following conditions.
Explicitly stipulated in the laws: The following main legal regulations require Mersan Metal to process personal data.
- Labour Law No. 4857 (employees)
- Law No. 5510 on Social Security and Health Insurance (employees)
- Tax Procedure Law No. 213 (customers)
Actual impossibility: Although it is possible to process personal data for the protection of the life or physical integrity of the person who is unable to disclose his consent or whose consent is not legally valid, Mersan Metal does not process personal data for any purpose based on this condition.
The conclusion or performance of a contract: Provided that it is directly related to the establishment or performance of a contract, personal data may be processed if it is necessary to process personal data belonging to the parties to the contract. Mersan Metal based on this condition;
- Personal data of the person concerned, his/her representative and/or employee in contracts concluded with customers,
- Personal data of the data subject, his/her representative and/or employee in contracts with suppliers,
- Personal data of the data subject, his/her representative and/or employee in service contracts,
- Processes the personal data of its employees in labour contracts.
Fulfilment of legal obligations: Mersan Metal processes personal data in order to fulfil its legal obligations stated above.
Publicisation: Although the processing of personal data made public by the relevant persons themselves is considered legitimate in legal regulations, Mersan Metal does not process personal data for any purpose depending on this condition.
Being compulsory for the establishment, use or protection of a right: It is possible to process the personal data of the person concerned if it is necessary for the establishment, exercise or protection of a right. For example, a company may use certain data to prove a lawsuit filed by its own employee, or a guardian or trustee may keep the financial information of a restricted person in order to protect the rights of the restricted person. In addition, after the contract is terminated, the retention of documents such as invoices, contracts, surety bonds for these purposes until the end of the statute of limitations against possible legal proceedings will be considered within this scope.
Legitimate interest of the data controller: Provided that it does not harm the fundamental rights and freedoms of the data subject, it is possible to process personal data if data processing is mandatory for the legitimate interests of the data controller.
Open Consent: Personal data cannot be processed without the explicit consent of the data subjects. In case Mersan Metal processes personal data in a way that requires this condition, it obtains the explicit consent of the relevant persons.
PURPOSES OF PROCESSING PERSONAL DATA
Mersan Metal processes personal data for the following purposes based on at least one of the above legal conditions (some purposes may be based on more than one condition).
- Execution of emergency management processes
- Execution of information security processes
- Carrying out the application processes of employee candidates
- Fulfilment of labour contractual and legislative obligations for employees
- Execution of fringe benefits and benefits processes for employees
- Conducting audit / ethics activities
- Carrying out training activities
- Execution of access authorisations
- Execution of activities in accordance with the legislation
- Carrying out financial and accounting affairs
- Ensuring physical space security
- Execution of assignment processes
- Follow-up and execution of legal affairs
- Carrying out internal audit / investigation / intelligence activities
- Carrying out communication activities
- Planning of human resources processes
- Execution / supervision of work activities
- Carrying out occupational health / safety activities
- Carrying out activities to ensure business continuity
- Carrying out logistics activities
- Execution of goods / service procurement processes
- Execution of goods / service sales processes
- Execution of goods / service production and operation processes
- Execution of customer relationship management processes
- Execution of risk management processes
- Carrying out storage and archive activities
- Execution of contract processes
- Follow-up of requests / complaints
- Execution of the remuneration policy
- Ensuring the security of data controller operations
- Informing authorised persons, institutions and organisations
- Carrying out management activities
SPECIAL CATEGORIES OF PERSONAL DATA
In legal regulations, race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or trade union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are defined as sensitive personal data.
Personal data other than health and sexual life may be processed without the explicit consent of the data subject in cases stipulated by law. Personal data relating to health and sexual life may only be processed without the explicit consent of the data subject by persons under the obligation of confidentiality or by authorised institutions and organisations for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. Except for these cases, special categories of personal data shall not be processed without the explicit consent of the person concerned.
Mersan Metal processes the data on criminal convictions and security measures and health reports of its employees and employee candidates in order to be placed in the personnel file or due to legal obligations in accordance with the relevant legislation in order to make assignments in accordance with the health status when making assignments. The blood group data of the employees are processed in order to be used in case of need during any emergency intervention within the scope of occupational health and safety.
DATA COLLECTION METHOD
Mersan Metal processes the personal data of its customers, suppliers, service suppliers and/or their representatives and employees upon signing a contract with them or purchasing/selling goods/services.
The processing of personal data of employees starts with their job application and continues by requesting them when necessary until the termination of their employment contract. Video and audio recordings are processed when they are present at the workplace. Personal data of prospective employees are processed during job application.
Mersan Metal provides the internet access information of the persons to whom it provides internet access by using its own systems and the internet access information required to be kept within the scope of Law No. 5651 and the website www.mersanmetal.com.tr The Company keeps log records of IP addresses connected to the website. Camera recordings are made 24/7 for security purposes in the common areas of the company buildings. Personal data of visitors are processed upon their entry to the facilities of our company.
LEGAL GROUNDS FOR DATA COLLECTION
In accordance with the situations listed in paragraph (2) of Article 5 of the Personal Data Protection Law No. 6698, the situations listed above under the headings of the Conditions for Processing Personal Data and the Purposes of Processing Personal Data constitute the legal reasons for data collection.
DATA SUBJECT CATEGORIES
Mersan Metal collects personal data of customers, shareholders/partners, employees, employee candidates, supplier officials, supplier employees and visitors and their parents, guardians or representatives in a data inventory. Data subject categories are shown in the table below.
Data Owner | EXPLANATION |
Customer | Mersan Metal refers to its customers. |
Shareholder/Partner | Refers to Mersan Metal partners |
Employee | Refers to Mersan Metal employees. |
Employee Candidate | Refers to people who have applied for a job at Mersan Metal but have not yet started working |
Visitor | It refers to the people who come to the buildings of Mersan Metal for the purpose of visiting. |
Supplier Employee/authority | It refers to the employees and officials of the institutions that sell services or goods to Mersan Metal. |
Parent/Guardian | Refers to persons who are the parents or guardians of persons who receive services from Mersan Metal or who provide services to Mersan Metal. |
DATA INVENTORY AND DATA CATEGORIES
Personal data classified according to the relevant groups of persons are transferred to a data inventory, taking into account the purposes of processing, qualifications, transfer locations and storage periods. The data categories in this inventory are; identity, communication, personal, legal transaction, customer transaction, physical space security, transaction security, risk management, finance, professional experience, visual and audio records, criminal conviction and security measures. The currency of the inventory is checked periodically.
Data Type | EXPLANATION |
Identity | The name, surname, Turkish ID number, place of birth, date of birth, etc. of persons are identity data. |
Contact | The address, telephone number, e-mail address, KEP address, etc. of the person. |
Personnel | Information contained in the personal file of the person. Payroll information, disciplinary investigation, employment-exit document records, property declaration information, CV information, performance evaluation reports, etc. |
Legal Action | Information in correspondence with judicial authorities, information in case files |
Customer Transaction | Invoices issued for services rendered, tickets, promissory note and cheque information, order and request information, etc. |
Physical Space Security | Visitor records, entry and exit records of employees and visitors, etc. |
Process Security | IP data, website login and exit information, system logs, password and password information, etc. |
Finance | Bank Information, IBAN No., account information, credit and risk information, asset information are financial data. |
Professional Experience | Diploma information, education certificates, certificates of attendance, courses attended, certificates of expertise on a particular subject, information on previous work and work experience, projects carried out, etc. |
Audio and Visual Recordings | Video recordings, photographs, sound recordings, camera images, etc. |
Health Data | Health reports of individuals, information on their disability status, information on their personal health status, blood type, information on devices and prostheses used, prescriptions, information on diagnosis and treatment, medicines used, etc. |
Criminal Conviction and Security Measures. | Data such as the criminal conviction of the person or the security measure decisions taken about the person are evaluated within this scope. |
DATA COLLECTION METHOD
Mersan Metal processes the personal data of its customers, suppliers, service suppliers and/or their representatives and employees upon signing a contract with them or purchasing/selling goods/services.
The processing of personal data of employees starts with their job application and continues by requesting them when necessary until the termination of their employment contract. Video and audio recordings are processed when they are present at the workplace. Personal data of prospective employees are processed during job application.
Mersan Metal provides the internet access information of the persons to whom it provides internet access by using its own systems and the internet access information required to be kept within the scope of Law No. 5651 and the website www.mersanmetal.com The Company keeps log records of IP addresses connected to the website. Camera recordings are made 24/7 for security purposes in the common areas of the company buildings. Personal data of visitors are processed upon their entry to the facilities of our company.
LEGAL GROUNDS FOR DATA COLLECTION
In accordance with the situations listed in paragraph (2) of Article 5 of the Personal Data Protection Law No. 6698, the situations listed above under the headings of the Conditions for Processing Personal Data and the Purposes of Processing Personal Data constitute the legal reasons for data collection.
DATA SUBJECT CATEGORIES
Mersan Metal collects personal data of customers, shareholders/partners, employees, employee candidates, supplier officials, supplier employees and visitors and their parents, guardians or representatives in a data inventory. Data subject categories are shown in the table below.
Data Owner | EXPLANATION |
Customer | Mersan Metal refers to its customers. |
Shareholder/Partner | Refers to Mersan Metal partners |
Employee | Refers to Mersan Metal employees. |
Employee Candidate | Refers to people who have applied for a job at Mersan Metal but have not yet started working |
Visitor | It refers to the people who come to the buildings of Mersan Metal for the purpose of visiting. |
Supplier Employee/authority | It refers to the employees and officials of the institutions that sell services or goods to Mersan Metal. |
Parent/Guardian | Refers to persons who are the parents or guardians of persons who receive services from Mersan Metal or who provide services to Mersan Metal. |
DATA INVENTORY AND DATA CATEGORIES
Personal data classified according to the relevant groups of persons are transferred to a data inventory, taking into account the purposes of processing, qualifications, transfer locations and storage periods. The data categories in this inventory are; identity, communication, personal, legal transaction, customer transaction, physical space security, transaction security, risk management, finance, professional experience, visual and audio records, criminal conviction and security measures. The currency of the inventory is checked periodically.
Data Type | EXPLANATION |
Identity | The name, surname, Turkish ID number, place of birth, date of birth, etc. of persons are identity data. |
Contact | The address, telephone number, e-mail address, KEP address, etc. of the person. |
Personnel | Information contained in the personal file of the person. Payroll information, disciplinary investigation, employment-exit document records, property declaration information, CV information, performance evaluation reports, etc. |
Legal Action | Information in correspondence with judicial authorities, information in case files |
Customer Transaction | Invoices issued for services rendered, tickets, promissory note and cheque information, order and request information, etc. |
Physical Space Security | Visitor records, entry and exit records of employees and visitors, etc. |
Process Security | IP data, website login and exit information, system logs, password and password information, etc. |
Finance | Bank Information, IBAN No., account information, credit and risk information, asset information are financial data. |
Professional Experience | Diploma information, education certificates, certificates of attendance, courses attended, certificates of expertise on a particular subject, information on previous work and work experience, projects carried out, etc. |
Audio and Visual Recordings | Video recordings, photographs, sound recordings, camera images, etc. |
Health Data | Health reports of individuals, information on their disability status, information on their personal health status, blood type, information on devices and prostheses used, prescriptions, information on diagnosis and treatment, medicines used, etc. |
Criminal Conviction and Security Measures. | Data such as the criminal conviction of the person or the security measure decisions taken about the person are evaluated within this scope. |
STORAGE OF DATA
The data retention periods of Mersan Metal in accordance with the personal data processing purposes described in this policy are shown in the table below.
DATA | LEGAL RATIONALE | DURATION |
Human Resources Data - Personnel File | The data kept in the personnel file of the employees are kept in accordance with the provisions of the Labour Law No. 4857 and the Code of Obligations No. 6098. | 10 Years |
HR Data-Job Application | A reasonable period for the assessment of the application is 2 years. | 2 Years |
Accounting Data | The accounting records are kept for 10 years, which is the statute of limitations, in accordance with the provisions of the Code of Obligations No. 6098. | 10 Years |
Supplier Employee/Authority Data | Contact and identity data in the invoices/receipts and contracts required within the scope of the goods/services received regarding the supplier employee and authorised person are kept for 10 years within the scope of the Code of Obligations No. 6098. | 10 years |
Visitor Logs | The visitor records kept to ensure the security of the buildings are kept for 2 years in accordance with the statute of limitations in the Turkish Penal Code. | 2 years |
Security Camera | Security camera records are kept for 1 month. | 1 month |
Website Logs | Within the scope of Law No. 5651, log records of IP addresses connected to the website are kept for 2 years. | 2 years |
Internet Usage Data | Internet usage log records of employees and visitors are recorded for 2 years in accordance with Law No. 5651 and related legislation. | 2 years |
DOMESTIC TRANSFER OF PERSONAL DATA
In order for personal data to be transferred domestically, at least one of the following conditions must be met in accordance with Article 8 of Law No. 6698:
- Explicitly stipulated in the laws,
- It is necessary for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
- Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract,
- It is mandatory for the data controller to fulfil its legal obligation,
- It has been publicised by the person concerned,
- Data processing is mandatory for the establishment, exercise or protection of a right,
- Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
- If one of the above conditions is not available, obtaining the explicit consent of the person concerned,
Except for the cases specified here, Mersan Metal does not share personal data with third parties in any way.
In parallel with the data processing purposes described in this policy, Mersan Metal transfers personal data to authorised public institutions in order to fulfil its legal obligations as stipulated by law and to its suppliers when necessary to maintain its commercial activities.
Personal data of employees are transferred to the Social Security Institution of the Ministry of Labour and Social Security in accordance with the Labour Law No. 4857 and the Social Insurance and Health Insurance Law No. 5510. In addition, these data are shared with the relevant bank for salary, other financial rights and private pension system payments; with the insurance company for complementary health insurance; with the independent financial advisor for accounting transactions; with the relevant consultancy firm for occupational health and safety purposes.
TRANSFER OF PERSONAL DATA ABROAD
Data transfer abroad according to Article 9 of the Law;
- Explicit consent of the person concerned,
- In the case of data transfer to countries with adequate protection (countries deemed safe by the Board), the existence of the conditions specified in the Law (the conditions specified in paragraph 2 of Article 5 and paragraph 3 of Article 6 of the Law),
- In case of data transfer to countries where there is no adequate protection, the existence of the conditions specified in the Law (the conditions specified in paragraph 2 of Article 5 and paragraph 3 of Article 6 of the Law), the written commitment of adequate protection and the permission of the Board,
in cases where the data is transferred to third parties abroad. Data is not transferred to third parties abroad without the permission of the Board. Mersan Metal;
- For reasons arising from the law or an international treaty,
- If it is mandatory for the performance of a contract,
- In case of actual impossibility,
- Mersan Metal has a legal responsibility,
- Due to the establishment, protection and utilisation of a right,
- Or within the scope of an essential legitimate interest of Mersan Metal,
It will be able to share data with the receipt of undertakings that adequate protection will be provided and the conditions specified below are met. Apart from this, Mersan Metal may transfer data abroad with the explicit consent of the person concerned.
Mersan Metal is one of the leading companies data controller If it transfers data to third parties, it submits to the Personal Data Protection Authority a letter of undertaking signed by both parties regarding the situation where both parties are data controllers, the minimum conditions of which are determined by the Personal Data Protection Authority. Such data transfer is made with the approval of the Personal Data Protection Authority. Without this approval, Mersan Metal does not transfer data to the third parties in question.
Mersan Metal is one of the leading companies data processor If it transfers data to third parties, it submits to the Personal Data Protection Authority a letter of undertaking between the data controller and the data processor, the minimum conditions of which are determined by the Personal Data Protection Authority and signed by both parties. Such data transfer is made with the approval of the Personal Data Protection Authority. Without this approval, Mersan Metal does not transfer data to the third parties in question.
DATA SECURITY MEASURES
Prevention of Unlawful Data Processing
Mersan Metal processes personal data according to the relevant groups of persons in order to realise the purposes specified in this policy. When processing personal data, the principle of being connected, limited and proportionate to the purpose for which they are processed is always adhered to. Personal data is reduced as much as possible.
Mersan Metal takes the necessary administrative and technical measures to prevent the processing of personal data for purposes other than its purpose. Data processing personnel are trained in this regard. Data processing processes are under the supervision of the company management.
Prevention of Unlawful Access
Mersan Metal takes the necessary security measures for entering and exiting physical environments containing personal data. These environments are secured against external risks. Personal data transferred via paper are sent in confidential document format.
An access matrix has been created regarding access to personal data kept on information systems. Records of access to personal data are kept regularly and without user intervention. Information systems are secured against external risks.
Measures for the Protection of Personal Data
As an administrative measure for the protection of personal data;
- Personal data security policies and procedures have been determined.
- Personal data security issues are reported quickly.
- Personal data security is monitored.
- Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
- Physical environments containing personal data are secured against external risks (fire, flood, etc.).
- Training and awareness raising activities on data security are carried out at regular intervals for employees
- Provisions regarding data security are included in the contracts to which we are a party. Commitments regarding data security and confidentiality are obtained from suppliers and employees.
- Training and awareness raising activities on data security are carried out at regular intervals for employees.
- The authorisation of employees who change their duties or leave their jobs in this area is cancelled.
- Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format.
- Awareness of data processing service providers on data security is ensured.
As a technical measure for the protection of personal data;
- An information security management system has been adopted as a principle.
- Network security and application security are provided.
- Up-to-date anti-virus programmes are used.
- Firewalls are used.
- Personal data are regularly backed up and all kinds of physical and virtual security measures are taken for the backed up data.
- Log records are kept without user intervention.
APPLICATION METHODS
Application Method | Application Requirements | Application Address | Other Requirements |
In Person Application | You can apply to the address where our company operates by verifying your identity in person or through a proxy by submitting a power of attorney. The application can also be made with an application form or a petition, but it must be wet signed. | Mersan Metal Malıköy Başkent OSB Mahallesi 11.Cadde No:2 Sincan Ankara | It will be given in a sealed envelope. The phrase "Information Request within the scope of the Personal Data Protection Law" will be written on the envelope. |
Application by Mail | You can apply by sending the wet signed application form or petition by post. Notarised signature circular and if the application is made by proxy, the original power of attorney must also be placed in the envelope. | Mersan Metal Malıköy Başkent OSB Mahallesi 11.Cadde No:2 Sincan Ankara | The phrase "Information Request within the scope of the Personal Data Protection Law" shall be written on the envelope. |
Application via Notary Public | You can apply in person or by proxy through a notary public. In this application, the method by which the reply is to be received must be specified. | Mersan Metal Malıköy Başkent OSB Mahallesi 11.Cadde No:2 Sincan Ankara |
|
Application via Registered Electronic Mail (KEP) | You can apply by sending your petition signed with your electronic signature from your KEP address. Unless otherwise stated, the answer will be sent to your KEP address. | Please send it with the title "Request under the Personal Data Protection Law" in the subject section. | |
Application via Electronic Mail | If you have already given us your e-mail address, you can apply via this e-mail address. | Please send it with the title "Request under the Personal Data Protection Law" in the subject section. |
Unless otherwise stated, the response to the application shall be made by the method used in the application. If requested, a reply can also be sent by any of the above methods. Applications are free of charge. However, if a cost is required to respond, a fee may be charged according to the tariff determined by the Personal Data Protection Board. In the event that it is understood that Mersan Metal has an error according to the subject of the request of the relevant persons, the fee received will be refunded.
Anonymisation
Anonymisation of personal data means making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even if the personal data is matched with other data. In order for personal data to be anonymised; personal data must be rendered unassociable with an identified or identifiable natural person, even through the use of appropriate techniques for the recording medium and the relevant field of activity, such as the return of personal data by the data controller or recipient groups and / or matching the data with other data.
Mersan Metal takes all necessary technical and administrative measures in the process of anonymising personal data. The anonymisation of personal data is carried out in accordance with the principles specified in the Regulation on Deletion, Destruction or Anonymisation of Personal Data and the methods in the guide published by the KVK Authority on the subject.
Deletion of Personal Data
Deletion of personal data is the process of making personal data inaccessible and non-reusable in any way for the users concerned.
Mersan Metal takes all necessary technical and administrative measures to ensure that deleted personal data is inaccessible and non-reusable for the relevant users. The following methods are used for the deletion of data.
Application-as-a-Service Type Cloud Solutions: In the cloud system, the data is deleted by giving the delete command. While performing the aforementioned operation, it is noted that the user concerned is not authorised to restore the deleted data on the cloud system.
Personal Data in Paper Media: Personal data on paper media are erased using the blackout method. The blackout process is performed by cutting out the personal data on the relevant document, where possible, and making it invisible to the relevant users by using fixed ink in a way that cannot be reversed and cannot be read with technological solutions.
Office Files on the Server: The file is deleted with the delete command in the operating system or the access rights of the user concerned are removed on the directory where the file or file is located. While performing the aforementioned operation, it is ensured that the user concerned is not also the system administrator.
Personal Data on Portable Media: No confidential data is carried on portable media. Personal data on portable media are deleted with software suitable for the hardware in question.
Databases: The relevant rows containing personal data are deleted with database commands (DELETE etc.). While performing the aforementioned operation, it is ensured that the relevant user is not the database administrator at the same time.
Destruction of Personal Data
Destruction of personal data is the process of making personal data inaccessible, unrecoverable and non-reusable by anyone in any way. Mersan Metal takes all necessary technical and administrative measures regarding the destruction of personal data.
Local Systems
One or more of the following methods are used to destroy the data on the systems in question.
De-magnetisation: It is the process of distorting the data on the magnetic media in an unreadable way by passing it through a special device and exposing it to a very high magnetic field.
Physical Annihilation: The process of physically destroying optical media and magnetic media, such as melting, burning or pulverising. By melting, burning, pulverising or passing optical or magnetic media through a metal grinder, the data is rendered inaccessible. In the case of solid state discs, if overwriting or de-magnetising is not successful, this media is also physically destroyed.
Don't Overwrite: It is the process of preventing the recovery of old data by writing random data consisting of 0s and 1s at least seven times on magnetic media and rewritable optical media. This process is done by using special software.
Environmental Systems
Destruction methods that can be used depending on the type of environment are listed below:
Network devices (switch, router, etc.): The storage media inside these devices are fixed. Most of the time, the products have a delete command but not a destroy feature. They are destroyed by using one or more of the appropriate methods specified above for 'Local Systems'.
Flash based environments: Flash-based hard discs with ATA (SATA, PATA, etc.), SCSI (SCSI Express, etc.) interfaces are destroyed by using the command if supported, or by using the destruction method recommended by the manufacturer if not supported, or by using one or more of the appropriate methods specified above for 'Local Systems'.
Magnetic tape: They are environments that store data with the help of micro magnet parts on flexible tape. It is destroyed by exposing it to very strong magnetic environments and de-magnetising it or by physical destruction methods such as incineration and melting.
Units such as magnetic discs: They are media that store data with the help of micro magnet parts on flexible (plate) or fixed media. It is destroyed by exposing it to very strong magnetic environments and de-magnetising it or by physical destruction methods such as incineration and melting.
Mobile phones (Sim card and fixed memory space): Fixed memory areas in portable smartphones have a delete command, but most of them do not have a destroy command. It can be destroyed by using one or more of the appropriate methods mentioned above for 'Local Systems'.
Optical discs: Data storage media such as CDs and DVDs. It is destroyed by physical destruction methods such as burning, breaking into small pieces, melting.
Peripherals such as printers with removable data recording media, fingerprint door access system: It is verified that all data recording media are removed and destroyed by using one or more of the appropriate methods specified above for 'Local Systems'.
Peripherals such as printers, fingerprint door access systems with fixed data recording media: Most of these systems have a delete command, but not a destroy command. They can be destroyed by using one or more of the appropriate methods mentioned above for 'Local Systems'.
Paper and Microfiche Media
Since the personal data on such media are permanently and physically written on the media, the main media is destroyed. While performing this process, the media is divided into small pieces of incomprehensible size, if possible horizontally and vertically, with paper shredding or clipping machines, so that they cannot be reassembled. Personal data transferred from the original paper format to the electronic environment by scanning are destroyed by using one or more of the above-mentioned appropriate methods depending on the electronic environment in which they are located.
Cloud Systems
During the storage and use of personal data in such systems, it is required to be encrypted by cryptographic methods and, where possible, encryption keys should be used for personal data, especially separately for each cloud solution from which service is received. When the cloud computing service relationship ends; it is ensured that all copies of the encryption keys required to make personal data usable are destroyed.
Anyone can contact Mersan Metal about themselves;
- To learn whether his/her personal data has been processed or not, and to request information if his/her personal data has been processed,
- To learn the purpose of processing his/her personal data and whether they are used in accordance with their purpose,
- To know the third parties to whom personal data is transferred domestically or abroad,
- To request correction of personal data if it is incomplete or incorrectly processed, to request their deletion or destruction within the framework of the conditions stipulated in the Law and to request notification of these transactions to third parties to whom personal data is transferred,
- To object to the occurrence of a result to his/her detriment, in particular by means of analysing his/her processed data through automated systems,
- In case of damage due to unlawful processing of personal data, it has the right to demand compensation for the damage.
Mersan Metal provides all kinds of methods to facilitate people to exercise their rights. However, as a requirement of the protection of personal data, persons must prove their identity beyond any doubt. In accordance with the communiqué published by the Personal Data Protection Board, the following information must be included in the application.
- Name, surname and signature if the application is in writing,
- Turkish Republic ID number for citizens of the Republic of Turkey,
- For foreigners, nationality, passport number or identification number, if any,
- Residential or workplace address for notification,
- Electronic mail address, telephone and fax number for notification, if any,
- Demand issue.
Interested persons may prepare a petition containing the above information themselves or www.mersanmetal.com.tr They can also exercise their rights by using the application form to be obtained from the corporate internet address. Mersan Metal responds to applications that do not contain missing information as soon as possible, not exceeding 30 days. In case of missing information in the application, the application is answered by requesting additional information from the relevant person.
DISCLOSURE NOTICE UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA
This notification aims to enlighten the real persons whose personal data are processed by Mersan Metal in accordance with Article 10 of the Personal Data Protection Law No. 6698. For detailed information www.mersanmetal.com.tr You can review our Personal Data Protection Policy at the address.
OUR IDENTITY AS DATA CONTROLLER
Mersan Metal was established in Ostim Organised Industrial Zone in 1994 and has become an important company in the sheet metal processing sector in a short time. Today, it serves its customers in 3 workshops with a total production area of 1500 m2 in Ostim Organised Industrial Zone and in its factory with a closed production area of 8.000 m2 in Başkent Organised Industrial Zone.
It provides sheet metal cutting services in its workshops located in Ostim Organised Industrial Zone and offers project design, sheet metal cutting, bending, welding, painting and assembly services as a whole in its factory located in Başkent Organised Industrial Zone. More information about us www.mersanmetal.com.tr You can access it at
FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?
We process your personal data in order to continue our business activities described above and to fulfil our legal obligations.
TO WHOM AND FOR WHAT PURPOSE IS YOUR PERSONAL DATA TRANSFERRED?
In parallel with the data processing purposes described in the Personal Data Protection Policy, Mersan Metal transfers personal data to authorised public institutions in order to fulfil its legal obligations as stipulated by law and to its suppliers when necessary to maintain its commercial activities. These data are not transferred abroad for any purpose.
WHAT ARE OUR PERSONAL DATA COLLECTION METHODS AND LEGAL REASONS?
Mersan Metal processes the personal data of its customers, suppliers, service providers and/or their representatives and employees by signing a contract with them or purchasing/selling goods/services. The main legal basis for this is the Tax Procedure Law No. 213.
The personal data of visitors are processed upon entry to the facilities of our company in order to protect the legitimate interests of our company.
Mersan Metal provides the internet access information of the persons to whom it provides internet access by using its own systems and the internet access information required to be kept within the scope of Law No. 5651 and the website www.mersanmetal.com The Company keeps log records of IP addresses connected to the website. 24/7 camera recordings are made in the common areas of the company buildings for security purposes.
WHAT ARE YOUR LEGAL RIGHTS?
You may exercise the following rights at any time by applying to us in person or in writing, provided that your identity is verified. Our company will examine your application and respond to you as soon as possible, not exceeding 30 days. In relation to yourself;
- to learn whether your personal data has been processed or not, and if your personal data has been processed, to request information regarding this,
- to learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
- to know the third parties to whom your personal data are transferred domestically or abroad,
- to request correction of your personal data in case of incomplete or incorrect processing, to request their deletion or destruction within the framework of the conditions stipulated in the law, and to request notification of these transactions to third parties to whom your personal data has been transferred,
- object to the occurrence of a result that is to your detriment, in particular by analysing your processed data through automated systems,
- Please note that you have the right to demand compensation for damages in case you suffer damage due to unlawful processing of your personal data.
To find out how to apply and to use the application form www.mersanmetal.com You can visit the address.