GENERAL CLARIFICATION TEXT ON THE PROCESSING AND PROTECTION OF PERSONAL DATA
As MRC AR-GE, Energy Engineering Control and Test Services Inc. (“MRC” or “Company”), we give utmost importance to ensuring the security of your personal data. This clarification text has been prepared by MRC as a data controller within the scope of Article 10 of the Law on the Protection of Personal Data No.6698 and the Communiqué on the Procedures and Principles for Fulfilling the Disclosure Obligation. In this context, we take the necessary precautions at the appropriate security level in order to prevent and protect your personal data from being processed and accessed illegally in the processes of processing and transferring your personal data to third parties.
This Clarification Text has also been prepared on the basis of the Information Security Policy defined within the scope of our ISO 27001 Information Security Management System and is valid for all non-public information used by MRC. All employees, contracted parties and other parties who have access to information owned or managed by MRC are required to comply with this Policy. Information, whether processed manually or automatically, constitutes a strategic resource for MRC and is protected regardless of its form and subject.
With this awareness of our responsibility, we process your personal data within the framework stated below.
1. OBTAINING AND PROCESSING YOUR PERSONAL DATA AND PROCESSING PURPOSES
Your personal data is to be able to fulfil the activities determined by our Company in accordance with the provisions of the relevant legislation and the requirements of the relevant legislation within the scope of these activities, the management of our company, the execution of the business, the implementation of the Company policies, the improvement of the quality of the services within the company, the provision of security within the company, the services prescribed by the public authorities and / or considered as an exception its activities are obtained in order to comply with information storage, reporting and information obligations. In this context, the personal data of the customers, potential customers, employees, contractors, suppliers of all kinds of goods and services and all real persons who are in contact with our company are as follows:
- Identity Data: Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of the data recording system; All information contained in documents such as Driver’s License, Identity Card, Residence, Passport, Professional Chamber Identity Document, Marriage Certificate.
- Communication Data: Clearly belonging to an identified or identifiable real person; processed partially or fully automatically or non-automatically as part of the data recording system; information such as phone number, address, e-mail.
- Customer Data: Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of the data recording system; Customer representative and / or employee information obtained and produced during our commercial activities and activities carried out by our employees in this context.
- Customer Transaction Data: Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of the data recording system; invoice, order, request information etc. obtained within the scope of our commercial activities.
- Physical Space Security Information: Clearly belonging to an identified or identifiable real person; Entry-exit registration information of employees and visitors is collected. In addition, camera recordings are taken by ODTÜ TEKNOKENT Management for security purposes. Camera recordings are not taken within the boundaries of our office.
- Risk Management Information: Data processed in accordance with generally accepted legal, commercial and honesty rules in these fields in order to manage commercial, technical and administrative risks.
- Financial Information: Clearly belonging to an identified or identifiable natural person; balance sheet, financial performance etc. Personal data of the customer officer or employee regarding information, documents and records showing all kinds of results.
2. SHARING YOUR PERSONAL DATA
Your personal data, which we process for the purposes explained above, can be transferred to our group companies located at home and abroad, legally authorized public institutions and organizations and private persons within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVK Law.
3. DISPOSAL OF YOUR PERSONAL DATA:
Our company stores the personal data we process for the periods determined by the legislation, and in case the period has not been determined separately; Depending on the services that our company provides while processing data, our Company’s Quality, Environment, Occupational Health and Safety and Information Safe Management System practices in ISO 17020, 9001, 14001, 18001 and 27001 standards and the period that needs to be processed in accordance with the practices of its commercial life and after this period only in possible legal disputes. In order to provide evidence, it is kept for the periods that are required in practice. After the expiry of the specified periods, the personal data in question are deleted, destroyed, or anonymized on the first destruction date in accordance with Article 7 of the KVK Law.
4. YOUR RIGHTS REGARDING THE PROCESSING OF YOUR PERSONAL DATA
You can apply to our Company within the framework of Article 11 of the KVK Law and send us your requests below:
- To learn whether your personal data is processed or not, if it has, request information about it,
- Learning the purpose of processing your personal data and whether they are used appropriately for their purpose,
- Learning the third parties to whom your personal data is transferred domestically or abroad,
- To request correction of personal data in case of incomplete or incorrect processing,
- To request the deletion, destruction or anonymization of your personal data in case the reasons requiring the processing of your personal data are eliminated within the scope of Article 7 of the KVK Law,
- Request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom your personal data have been transferred,
- Objecting to a consequence arising against you by analyzing the processed data exclusively through automated systems,
- To request the compensation of the damage in case your personal data is damaged due to unlawful processing.
5. RIGHT TO APPLICATION
Your application right regarding your personal data within the scope of Article 11 of the KVK Law:
• By using, “Application Form Pursuant to the Protection of Personal Data” prepared in accordance with the provisions of the KVK Law and the Communiqué on Application Procedures and Principles for the Data Controller published on 10.03.2018 and the relevant current legislation,
• To our ODTÜ Teknokent Met Alanı, M. Kemal Mah. Dumlupınar Bulvarı, no:280 D Blok No:3, Çankaya, 06520, Ankara address, in person / by hand or send it via a notary.
• You can send it to email@example.com with secure electronic or mobile signature, via your registered e-mail address or your e-mail address registered in our system.
In order for a person other than the person concerned to make a request, there must be a notarized special power of attorney issued by the relevant person on behalf of the person to make the application.
In your application, stated in the 2nd paragraph of Article 5 of the Communiqué on Application Procedures and Principles to the Data Controller (“Communiqué”);
- Name, surname and if application is in writing signature,
- For the citizens of the Republic of Turkey T. C. identification number, for foreigners, passport number or identification number, if any,
- Place of residence or workplace address for notification,
- E-mail address, telephone and fax number for notification, if any, and
- Subject of the request
In this context, your requests that you will duly submit to our company will be concluded within thirty days at the latest. If the finalization of your requests requires additional costs, our Company will charge the applicant in the tariff determined by the Personal Data Protection Board (“Board”). If your application is answered via a recording medium such as CD or flash memory, a fee determined by our company, which does not exceed the cost of the recording medium, may be charged. Our company may request information from the relevant person in order to determine whether the applicant is the owner of personal data and may ask the relevant person about his/her application in order to clarify the issues stated in the application. In case the application is rejected in accordance with Article 14 of the Personal Data Owner KVK Law, the response is found to be insufficient, or the application is not responded in time; It can make a complaint to the Board within thirty days from the date our company learns its response, and in any case within sixty days from the date of application.
6. COOKIE APPLICATION ON OUR WEBSITE
Our company reserves the right to make changes in policies and procedures regarding personal data in order to comply with legislative changes.