Personal Data Processing And Protection Policy is prepared to indicate the procedures and principles of personal data processing and protection by CENK A.Ş.

All types of personal data belonging to all employees, citizens, suppliers and third parties will be processed within the prescribed limits in accordance with the Data Protection Law No. 6698 as explained in the policy text below.

SCOPE

Personal data of all our employees, their relatives, our customers, visitors, interns, supplier officials and employees, subcontracted workers, are evaluated within the scope of this policy. This policy is also implemented regarding the processing of the personal data we have or managing of the personal data recording mediums.

DEFINITIONS

The policy includes the following definitions:

Table-1: Definitions

Definition	Explanation
Explicit Consent	Consent on a specific subject, based on to be informed and expressed with free will.
Recipient group	The category of natural or legal persons to which the personal data are transferred by the data controller.
Anonymization	To ensure that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even is matched with other data.
Institution	CENK A.Ş
Disposal	Erasure, destruction or anonymization of personal data.
Data Subject	All natural persons whose personal data are processed by or on behalf of CENK A.Ş.
Law	Personal Data Protection Law no. 6698
Recording Medium	Sny type of environment that keeps the personal data processed wholly or partially by automated means or non-automated means which provided that form part of a data filing system.
Personal Data	Any information relating to an identified or identifiable natural person.
Processing of Personal Data	Any operation performed on data such as obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system.
Personal Data Processing Inventory	Personal data processing inventory: the inventory which are detailed by explanations of the followings: personal data processing operations performed by data controllers according to their business processes; purposes and legal basis of personal data processing; data category; recipient group; maximum storage period which is formed relating to the group of person subject to data and necessary for the purpose for which personal data are processed; and measures taken relating to data security.
Special Qualified Personal Data	Personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, data concerning health, sexual life, criminal convictions and security measures, and the biometric and genetic data.
Periodic Disposal	The erasure, destruction or anonymization process which is determined in the personal data storage and disposal policy and to be carried out periodically ex officio, in the event that all of the conditions for processing laid down in the Law no longer exist.
Policy	Personal Data Processing and Protection Policy.
Data Processor	The natural or legal person who processes personal data on behalf of the data controller upon its authorization.
Data Controller	The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system.
VERBIS	Data Controllers' Registry Information System.

RESPONSIBILITY

All units and employees of our institution are within the scope of the policy. Our institution is responsible for preventing the unlawful processing of personal data, preventing unlawful access and ensuring the protection of data. In this regard, it has assigned the relevant units responsibility for taking all necessary technical and administrative measures to ensure the appropriate level of security, and these responsibilities are managed by the KVKK (PDP) committee.

The KVKK (PDP) Committee is responsible for the following processes: preparing, updating, executing and publishing the policy, creating and publishing technical solutions for the policy, ensuring the employees' compliance with the policy.

KVKK Committee consists of accounting manager, human resources chief, factory manager, administrative affairs chief and human resources specialist. The company manager providing services within the scope of Information Technologies takes place in the committee as a consultant. Site managers do not take part in the decision process, but participate in the committee work with the invitation of the KVKK committee.

GENERAL PRINCIPLES AND CONDITIONS OF THE PROCESSING PERSONAL DATA

The processes considered within the framework of the processing of personal data under Article 3 of the Law are: If it is part of any system of record, making it available, classifying, changing and rearranging it, or preventing its use.

We adhere to the following general principles when processing personal data:

Processing of personal data in accordance with law and honesty rules

Activities related to the personal data processing are executed in accordance with the Law and relevant legislation and the rights of natural persons are protected. The principles of moderation and necessity are taken into account when processing personal data.

Keeping personal data accurate and up-to-date when necessary

All kinds of administrative and technical measures are taken to keep personal data accurate and actual.

Processing of personal data for specific, clear and legitimate purposes

Personal data shall be processed according to the stated purposes, which are certain and legitimate. We avoid unnecessary processing of personal data without an appropriate purpose.

Processing personal data in connection with the purpose for which they are processed, in a limited and measured manner

We only process as much data as necessary for the purpose of carrying out the current activities. We do not process unnecessary personal data for purposes such as later use.

Keeping personal data for the period required by the relevant legislation or for the purpose for which they are processed,

Personal data will be stored for a limited period of time required by the Law and the relevant legislation or for the purposes of data processing. Aftre this period has expired or the reason for processing the data disappears, personal data shall be destroyed by deletion, destruction or anonymization methods.

Our institution is responsible for fulfilling the following conditions when processing personal data:

Explicit Consent: Open consent will be asking by the data subject who is informed about personal data collection and processing in accordance with the legislation and the policy. Personal data can be processed after obtaining explicit consent. Explicit consent statements received are stored in physical or electronic mediums.

As stated in the Personal Data Protection Law No. 6698, in the presence of one of the following conditions, personal data is processed without seeking the explicit consent of the data subject:

It is expressly provided for by the laws.
It is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to explain his/her consent due to the physical disability or whose consent is not deemed legally valid.
Processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract.
It is necessary for compliance with a legal obligation to which the data controller is subject.
Personal data have been made public by the data subject himself/herself.
Data processing is necessary for the establishment, exercise or protection of any right.
Processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.

PROCESSING OF PERSONAL DATA

The institution carries out the processing of personal data and sensitive personal data in accordance with the data processing conditions set out in Articles 5 and 6 of the Law.

The personal data we process are listed below by data subject group, data category and personal data (Table 2).

Table-2: Personal Data Processed by CENK A.Ş, Data Categories and Person Group It Belongs to

Person's group	Data Category	Personal Data	Special Qualified Personal Data
Employee	Finance	Bank IBAN Number
Employee	Physical Space Security	Entry and exit registration information of employees and visitors, Security camera recordings
Employee	Legal Action		Information in correspondence with judicial authorities, Data in the lawsuit file
Employee	Legal Action	Criminal Records
Employee	Contact	Address, Contact, E-mail address, Phone number
Employee	Transaction Security	IP address, Website login and exit information, Password information
Employee	Clothing		Size for clothes, Shoe size, Clothing information
Employee	Identity	Name/Surname, National ID, Mother-Father Name, Date and Place of birth, Marital Status, ID Card Document Number, Licence Number, Mother's Maiden Name, Signature, Title, Photo
Employee	Professional Experience	Diploma information, Courses attended, Vocational training information, Certificates, Transcript information
Employee	Personnel	Payroll information, Employment certificate records, Property declaration information, Curriculum vitae information, Performance evaluation reports	Disciplinary investigation, Criminal Record Information
Employee	Health Information	HES Code	Blood type, Devices and prostheses, Medicines, Disability status, Personal health information, Vaccination Card, PCR Test
Employee Relatives	Identity	Name/Surname
Company Representative	Contact	Contact Address, E-mail address, Phone number
Company Representative	Identity	Name/Surname, T.C. ID No
Shareholder / Partner	Finance	Balance sheet information, Financial performance information, Credit and risk information, Bank IBAN Number	Asset information
Shareholder / Partner	Physical Place Security	Entry and exit registration information of employees and visitors, Security camera recordings
Shareholder / Partner	Contact	Contact address, E-mail address, Phone No.
Shareholder / Partner	Identity	Name/Surname, National ID, Mother-Father Name, Date and Place of birth, Marital Status, ID Card Document Number, Licence Number, Mother's Maiden Name, Signature, Title, Photo
Transporter Driver	Contact	Address, Phone Number
Transporter Driver	Identity	Name/Surname, T.C. ID No
Transporter Driver	Health Information	HES Code
Intern	Finance	Bank IBAN Number
Intern	Physical Space Security	Entry and exit registration information of employees and visitors, Security camera recordings
Intern	Legal Action	Criminal Records	Information in correspondence with judicial authorities, Data in the lawsuit file
Intern	Contact	Address, Contact, E-mail address, Phone number
Intern	Transaction Security	IP address, Website login and exit information, Password information
Intern	Clothing		Size for clothes, Shoe size, Clothing information
Intern	Identity	Name/Surname, National ID, Mother-Father Name, Date and Place of birth, Marital Status, ID Card Document Number, Licence Number, Mother's Maiden Name, Signature, Title, Photo
Intern	Professional Experience	Diploma information, Courses attended, Vocational training information, Certificates, Transcript information
Intern	Health Information	HES Code	Blood type, Devices and prostheses, Medicines, Disability status, Personal health information, Vaccination Card, PCR Test
Supplier Official	Contact	Address, E-mail address, Phone number
Supplier Official	Identity	Name/Surname, Signature
Visitor	Physical Space Security	Entry and exit registration information of employees and visitors, Security camera recordings

TRANSFER OF PERSONAL DATA

As indicated in Article 8 of the Law, personal data will be transferred to domestic third parties for the purpose of personal data processing, but will not be transferred abroad. We use administrative and technical measures when transferring personal data.

Personal data will not be disclosed to third parties without the explicit consent of the data subject, as indicated in Article 8 of the Law. As indicated in Articles 5(2) and 6(3) of the Act, personal data and sensitive personal data (other than health and sexual life) are transferred to the third parties without explicit consent of the data subject in the following conditions;

It is expressly provided for by the laws.
It is necessary for the protection of life or physical integrity of the person himself/herself or of any other person.
Processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract.
It is necessary for the municipality to fulfill its legal obligations.
Personal data have been made public by the data subject himself/herself.
Data processing is necessary for the establishment, exercise or protection of any right.
Processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
Personal data related to the health and sexual life of the personal data subject, but only for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, can only be processed by individuals or authorized institutions under privacy.

The classification of personal data by process, data category, data subject group and recipient group is shown in Table 3 below. Data transfers are carried out in accordance with the relevant law and its regulations.

Table-3: Recipient/Recipient Groups of Transferred Personal Data Based on Processes

Transaction	Data Category	Person's group	Domestic Data Transfer
Creating an Employee Personnel File	Contact	Employee	No Data Transferred
Creating an Employee Personnel File	Identity	Employee	Authorized Public Institutions and Organizations
Creating an Employee Personnel File	Identity	Employee Relatives	Authorized Public Institutions and Organizations
Creating an Employee Personnel File	Personnel	Employee	Authorized Public Institutions and Organizations
Training Processes management	Contact	Employee	No Data Transferred
Training Processes management	Identity	Employee	No Data Transferred
Training Processes management	Professional experience	Employee	No Data Transferred
Creating a Financial Waybill	Contact	Transport Driver	No Data Transferred
Creating a Financial Waybill	Identity	Transport Driver	No Data Transferred
Creating a Financial Waybill	Health Information	Transport Driver	No Data Transferred
Finance Center Project - Ankara Balgat Construction Site Entry Documents	Contact	Employee	Natural persons or private law legal persons
Finance Center Project - Ankara Balgat Construction Site Entry Documents	Clothing	Employee	Natural persons or private law legal persons
Finance Center Project - Ankara Balgat Construction Site Entry Documents	Identity	Employee	Natural persons or private law legal persons
Finance Center Project- Ankara Balgat Construction Site Entry Documents	Professional experience	Employee	Natural persons or private law legal persons
Finance Center Project - Ankara Balgat Construction Site Entry Documents	Personnel	Employee	Natural persons or private law legal persons
Finance Center Project - Ankara Balgat Construction Site Entry Documents	Health Information	Employee	Natural persons or private law legal persons
Creating Financial Center Project - Vakıf Bank Construction Site Entry Documents	Contact	Employee	Natural persons or private law legal persons
Creating Financial Center Project - Vakıf Bank Construction Site Entry Documents	Clothing	Employee	Natural persons or private law legal persons
Creating Financial Center Project - Vakıf Bank Construction Site Entry Documents	Identity	Employee	Natural persons or private law legal persons
Creating Financial Center Project - Vakıf Bank Construction Site Entry Documents	Professional experience	Employee	Natural persons or private law legal persons
Creating Financial Center Project - Vakıf Bank Construction Site Entry Documents	Personnel	Employee	Natural persons or private law legal persons
Creating Financial Center Project- Vakıf Bank Construction Site Entry Documents	Health Information	Employee	Natural persons or private law legal persons
Creating Financial Center Project- Ziraat Bank Construction Site Entry Documents	Contact	Employee	Natural persons or private law legal persons
Creating Financial Center Project- Ziraat Bank Construction Site Entry Documents	Clothing	Employee	Natural persons or private law legal persons
Creating Financial Center Project- Ziraat Bank Construction Site Entry Documents	Identity	Employee	Natural persons or private law legal persons
Creating Financial Center Project- Ziraat Bank Construction Site Entry Documents	Professional experience	Employee	Natural persons or private law legal persons
Creating Financial Center Project- Ziraat Bank Construction Site Entry Documents	Personnel	Employee	Natural persons or private law legal persons
Creating Financial Center Project- Ziraat Bank Construction Site Entry Documents	Health Information	Employee	Natural persons or private law legal entities
Keeping Security Records	Physical Space Security	Employee	No Data Transferred
Keeping Security Records	Physical Space Security	Shareholder / Partner	No Data Transferred
Keeping Security Records	Physical Space Security	Intern	No Data Transferred
Keeping Security Records	Physical Space Security	Visitor	No Data Transferred
Business start and end process management (HR)	Contact	Employee	Authorized Public Institutions and Organizations, Real persons or private law legal entities
Business start and end process management (HR)	Identity	Employee	Authorized Public Institutions and Organizations, Real persons or private law legal entities
Quality process managements	Identity	Employee	No Data Transferred
Quality process managements, emergency planning	Contact	Employee	No Data Transferred
Salary payments	Finance	Employee	Authorized Public Institutions and Organizations
Creation of Personnel Files (HR)	Finance	Employee	Natural persons or private law legal persons
Creation of Personnel Files (HR)	Finance	Intern	Natural persons or private law legal persons
Creation of Personnel Files (HR)	Legal action	Employee	Natural persons or private law legal persons
Creation of Personnel Files (HR)	Legal action	Intern	Natural persons or private law legal persons
Creation of Personnel Files (HR)	Contact	Employee	Natural persons or private law legal persons
Creation of Personnel Files (HR)	Contact	Intern	Natural persons or private law legal persons
Creation of Personnel Files (HR)	Transaction Security	Employee	Natural persons or private law legal persons
Creating an Personnel Files (HR)	Transaction Security	Intern	Natural persons or private law legal persons
Creating an Personnel Files (HR)	Clothing	Employee	Natural persons or private law legal persons
Creating an Personnel Files (HR)	Clothing	Intern	Natural persons or private law legal persons
Creating an Personnel Files (HR)	Identity	Employee	Natural persons or private law legal persons
Creating an Personnel Files (HR)	Identity	Intern	Natural persons or private law legal persons
Creating an Personnel Files (HR)	Professional experience	Employee	Natural persons or private law legal persons
Creating an Personnel Files (HR)	Professional experience	Intern	Natural persons or private law legal persons
Creating an Personnel Files (HR)	Personnel	Employee	Natural persons or private law legal persons
Creation of Personnel Files (HR)	Health Information	Employee	Natural persons or private law legal persons
Creation of Personnel Files (HR)	Health Information	Intern	Natural persons or private law legal persons
Purchase Order Form (F-56)	Contact	Supplier Official	No Data Transferred
Purchase Order Form (F-56)	Identity	Supplier Official	No Data Transferred
Creation of Sole Proprietorship Current Records	Contact	Company Representative	No Data Transferred
Creation of Sole Proprietorship Current Records	Identity	Company Representative	No Data Transferred
SUPPLIER KNOWLEDGE INVENTORY (f-84)	Contact	Supplier Official	No Data Transferred
Tüpraş Construction Site-Contractor Personnel Information Form	Identity	Employee	Natural persons or private law legal persons
Tüpraş Construction Site - Hot Work Certificate -1	Identity	Employee	Natural persons or private law legal persons
Tüpraş Construction Site- Work Permit Form-1	Identity	Employee	Natural persons or private law legal persons
Tüpraş Construction Site - Risk Checklist	Identity	Employee	Natural persons or private law legal persons
Tüpraş Construction Site- Tüpraş Personnel Trainer Participation Form	Identity	Employee	Natural persons or private law legal persons
Tüpraş Construction Site- Tüpraş Contractor Occupational Hazard Analysis ITA Form	Identity	Employee	Natural persons or private law legal persons
Employee entry procedures in Tüpraş Construction Site TSS Database	Legal action	Employee	Natural persons or private law legal persons
Employee entry procedures in Tüpraş Construction Site TSS Database	Contact	Employee	Natural persons or private law legal persons
Employee entry procedures in Tüpraş Construction Site TSS Database	Identity	Employee	Natural persons or private law legal persons
Employee entry procedures in Tüpraş Construction Site TSS Database	Professional experience	Employee	Natural persons or private law legal persons
Employee entry procedures in Tüpraş Construction Site TSS Database	Personnel	Employee	Natural persons or private law legal persons
Employee entry procedures in Tüpraş Construction Site TSS Database	Health Information	Employee	Natural persons or private law legal persons
Proxy processes	Identity	Shareholder / Partner	Natural persons or legal entities of private law, Authorized Public Institutions and Organizations
Taxation Processes management	Finance	Shareholder / Partner	Authorized Public Institutions and Organizations
Taxation Processes management	Contact	Shareholder / Partner	Authorized Public Institutions and Organizations
Taxation Processes management	Identity	Shareholder / Partner	Authorized Public Institutions and Organizations

LEGAL OBLIGATION

The legal grounds for processing personal data of CENK A.Ş are as follows:

Table-4: Legal Reasons for Personal Data Processing

Transaction	Purpose of Data Processing
Creating an Employee Personnel File	Fulfillment of Employment and Legislation Obligations for Employees
Creating an Employee Personnel File	Benefits and Benefits for Employees and Execution of These Processes
Training Processes management	Conducting Educational Activities
Creating a Financial Waybill	Execution of Goods / Services Sales Processes, Execution of Finance and Accounting Affairs, Execution of Activities in Compliance with the Legislation
Finance Center Project - Ankara Balgat Construction Site Entry Documents	Execution of Management Activities, Execution / Audit of Business Activities
Financial Center Project - Vakıf Bank Construction Site Entry Documents	Execution of Management Activities, Execution / Audit of Business Activities
Financial Center Project - Ziraat Bank Construction Site Entry Documents	Execution of Management Activities, Execution / Audit of Business Activities
Business start and end process management (HR)	Execution of Management Activities
Quality process managements	Receiving and Evaluating Suggestions for Improvement of Business Processes, Carrying out Internal Audit / Investigation / Intelligence Activities, Execution of Audit / Ethics Activities
Quality process managements, emergency planning	Receiving and Evaluating Suggestions for Improvement of Business Processes, Carrying out Internal Audit / Investigation / Intelligence Activities, Execution of Audit / Ethics Activities
Salary payments	Fulfillment of Employment and Legislation Obligations for Employees
Creation of Personnel Files (HR)	Execution of Management Activities, Planning of Human Resources Processes, Execution of Activities in Compliance with the Legislation, Execution of Employee Candidate / Intern / Student Selection and Placement Processes
Purchase Order Form (F-56)	Execution of Goods / Services Procurement Processes
Creation of Sole Proprietorship Current Records	Execution of Goods / Services Production and Operation Processes, Execution of Finance and Accounting Affairs, Execution of Activities in Compliance with the Legislation
SUPPLIER KNOWLEDGE INVENTORY (F-84)	Execution of Goods / Services Procurement Processes
Tüpraş Construction Site- Contractor Personnel Information Form	Execution of Activities in Compliance with the Legislation
Tüpraş Construction Site - Hot Work Certificate -1	Execution of Activities in Compliance with the Legislation
Tüpraş Construction Site- Work Permit Form-1	Execution of Activities in Compliance with the Legislation
Tüpraş Construction Site - Risk Checklist	Execution of Activities in Compliance with the Legislation
Tüpraş Construction Site- Tüpraş Personnel Trainer Participation Form	Execution of Activities in Compliance with the Legislation
Tüpraş Construction Site- Tüpraş Contractor Occupational Hazard Analysis ITA Form	Execution of Activities in Compliance with the Legislation
Employee entry procedures in Tüpraş Construction Site TSS Database	Providing Information to Authorized Persons, Institutions and Organizations, Planning Human Resources Processes, Execution of Assignment Processes, Execution of Activities in Compliance with the Legislation
Proxy processes	Execution of Management Activities
Taxation Processes management	Execution of Management Activities

THE PURPOSES FOR DATA COLLECTION, STORAGE AND THE REASONS FOR DISPOSAL AND PROCESSING OF PERSONAL DATA

As set out in Article 12 of the Act, institutions are required to ensure an adequate level of security to prevent unlawful processing and access to personal data and to ensure their storage. We apply the all necessary technical and administrative measures.

Article 4 of the law states that the personal data processed shall be processed, limited, measured and retained for the period necessary for the purposes for which they are processed, required or processed as provided for in relevant legislation. It states that it must be related to the purpose of legislation.

Personal data processed within the framework of company activities are stored for a period of time stipulated in the relevant legislation or suitable for our processing purposes.

Our company determines the retention period for personal data it processes in the course of its activities in accordance with the relevant law and regulations. Details of retention periods are included in Personal Data Inventory.

If required, the retention period can be renewed and the disposal of personal data at the end of the retention period is also carried out by CENK A.Ş.

The legal basis for the collection and storage of personal data, the purposes of processing and reasons for destruction, and the retention period are set out in the "Personal Data Storage and Disposal Procedures".

THE ADMINISTRATIVE AND TECHNICAL PRECAUTIONS FOR THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

To prevent unlawful processing and access to personal data and to ensure their storage, as set out in Article 12 of the Law, all necessary technical and administrative measures are taken to ensure level security.

We perform or have made the necessary audits to ensure personal data security and confidentiality.

Our facilities treat any personal data they collect or process confidentially in accordance with the KVKK and policy provisions. Personal data will only be used for processing purposes and any kind of data processing activity by personnel not involved in the processing of personal data in the course of their duties is prohibited. This allows our staff to process personal data within the scope and scope of their duties. This obligation continues even after they leave the job.

If retained personal data is illegally obtained by others, we will promptly notify the person and the Board of Directors to that effect.

Administrative and technical measures taken are detailed in the “Personal Data Storage and Disposal Procedure”.

THE METHODS OF DISPOSAL OF PERSONAL DATA

As set out in Article 7 of the Law, when the reasons for processing no longer exist, personal data shall be deleted, destroyed or anonymized ex officio at the request of the data subject or in accordance with the provisions of the relevant law. be converted. Disposal methods related to these matters are detailed in our “Personal Data Storage and Disposal Procedures”.

CAMERA RECORD

At the office, facility entrances and inside the facility where CENK A.Ş serves, images are recorded by monitoring with a camera for security purposes, depending on the legitimate interests of the data controller and the legal justification.

PERSONAL DATA OF ON SITE VISITORS

On our website; Services are provided for the visitors of this site to obtain information about our company. Apart from that, the visitors movements within the site are not monitored and no records are taken.

CLARIFICATION FOR DATA SUBJECTS

Before processing the personal data, the data subject is informed about what personal data will be processed, for what purposes and to whom and for what purposes the processed personal data may be transmitted. Obligations to provide information about the methods and legal basis for collecting personal data, other rights set out in Article 11 of the Law and exceptions to the processing of personal data is fulfilled.

CENK A.Ş provides the following information to data subjects when collecting personal data:

Institutional Identity
Purposes for which personal data are processed
to whom and for what purposes the processed personal data may be transferred;
How we collect personal data and legal basis
Other rights of data subjects under Article 11 of the Law.

In cases where explicit consent is required, the obligation to inform is fulfilled. Clarification texts published as an annex to this policy can be accessed via the link www.cenk.com.tr

THE RIGHTS OF THE DATA SUBJECT AND USING THOSE RIGHTS

Pursuant to Article 11 of the law, data subjects may request access to their personal data being processed and such requests will be answered within the time limits established by the Law.

1. Application Right of Data Subjects

In accordance with Article 11 of the Law, the persons whose personal data are processed may apply to our company and request information about the following subjects:

Learning whether personal data is processed or not,
Kişisel verileri işlenmişse buna ilişkin bilgi talep etme, If personal data is processed, requesting information about it,
Learning the purpose of processing personal data and whether it is used in accordance with its purpose,
To know the name of the third parties to whom personal data are transferred both domestic or abroad,
In the event that personal data are incomplete or incorrectly processed, requesting their correction and requesting notification of the transaction made within this scope to third parties to whom personal data is transferred,
Despite the fact that it has been processed in accordance with article 7 of the Law and other relevant laws, requesting the deletion or destruction of personal data and notifying third parties to whom the personal data has been transferred, if the reasons requiring their processing do not exist any more,
Objection in case of a result against itself by analyzing the processed data exclusively through automated systems,
Requesting compensation for damages in the event that he / she suffers damage due to unlawful processing of personal data.

Data subject could convey his/her demands regarding this matter by filling in the "Application Form", in writing to our address (CENK Endüstri Tesisleri İmalat ve Taahhüt A.Ş Gürsel mahallesi İmrahor Cd. No:7, 34400 Kâğıthane/İstanbul) ([email protected]) by e-mail to our e-mail address; or by submitting an identity card, in person, through the application method.

1. Exceptions for Application

In accordance with the article 28 of the Law, it is not possible for the persons concerned to assert their rights for the personal data processed in the following cases:

Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not passed on to third parties and that the obligations regarding data security are complied with.
Processing personal data for purposes such as research, planning and statistics by making it anonymous with official statistics.
Processing of personal data for artistic, historical, literary or scientific purposes or in the context of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy or personal rights, or constitute a crime.
Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to provide national defense, national security, public security, public order or economic security.
Processing of personal data by judicial authorities or enforcement authorities regarding investigations, prosecutions, trials or enforcement proceedings.

In accordance with the section 2 of Article 28 of the Law, the following situations in which personal data is processed do not permit the data subject to exercise their rights (with the exception of the right to ask for clarification and compensation for harm).

The processing of personal data is required for criminal investigation or crime prevention.
Processing of personal data which is made public by the data subject.
Processing of personal data is required for the performance of supervisory or regulatory functions as well as for disciplinary investigations or prosecutions by legally recognized public institutions, organizations, and professional associations with a public purpose.
The processing of personal data is necessary for the protection of the economic and financial interests of the government with regard to budgetary, tax and financial matters.
1. Responding to Application of Data Subjects

CENK A.Ş will process data subject requests as soon as possible, free of charge and within 30 days depending on the type of request, in accordance with Article 13 of the Law. However, if the transaction requires additional costs, they will be charged according to the fees set by the Committee.

CENK A.Ş. may accept or reject the data subject's request with reasons and shall notify the data subject in writing or electronically. If the application request is accepted, CENK A.Ş. fulfills its requirements.

THE REGISTRY OF DATA CONTROLLERS (VERBİS)

CENK A.Ş. has complied with its obligation to register with the Data Controller Register pursuant to Article 16 of the Law and has given the following notices:

Identity and address information for CENK A.Ş.
Purposes for which personal data are processed
A description of the groups and the data categories for these people;
The recipient or group of recipients to whom personal data may be sent;
Possible cross-border transfers of personal data
Personal data security measures
The maximum period necessary for the purposes for which the personal data are processed.

Any changes that may occur in the given information shall be immediately notified to the Presidency.

UPDATING AND ENFORCEMENT OF THE POLICY

This Policy enters into force after it is approved and published on the website. Our company will update the necessary sections of the policy as required by provision

Clarification Text Download

Cenk Endüstri A.Ş. is responsible of the data controller due the processing of your personal data under the Turkish Law no. 6698 of Personal Data Protection

In accordance with the article 10 which regulates the obligatory clarification, we aim to fulfill our duty and inform you about :

What personal data is processed and for what purpose and to whom it could be transferred.
The legal basis method of collecting personal data.
Your rights are indicated in the article 11 of the Personal Data Protection Law.
The exceptions about processing personal data.

We inform you that your personal data can be deleted or destroyed by making it anonymous, if the written conditions are fulfilled within the scope of the Personal Data Retention and Destruction Policy.

The personal data that you share with our company Cenk Endüstri A.Ş, is processed by us and listed as below:

Identity Information: Name/Surname, National ID, Mother-Father Name, Date and Place of birth, Marital Status, ID Card Document Number, Licence Number, Mother's Maiden Name, Signature, Copy of identify card, Title, Picture.

Contact Information: Address, Contact address, E-mail address, Phone Number.

Professional Experience Information: Diploma information, Courses attended, On-the-job training information, Certificates, Transcript information.

Financial Information: Balance sheet information, Financial performance information, Credit and risk information, Bank IBAN Number, Assets information

Personnel Information: Payroll, Disciplinary investigation, Recruitment document records, Property declaration, Curriculum vitae, Performance evaluation reports, Criminal Record.

Health Information: Blood type, Devices and prostheses used, Medicines used, Disability status, Personal health information, Vaccination Card, PCR Test, HES Code (Special Personal Data)

Physical Space Security: Entry and exit registration information of employees and visitors, Security camera records.

Legal Action: Criminal Record, Information in correspondence with judicial authorities, Data in the lawsuit files.

Transaction Security: IP address, Website log-in and exit information, Passwords

Clothing: Size, Shoe size, Clothing information

Your personal data is processed with the following purposes:

Carrying out the Human Resources Processes
Fulfillment of Employment and Legislation Obligations for Employees
Execution of finance and accounting processes
Conducting communication activities,
Execution of legal, litigation and administrative affairs,
Providing Physical Space Security
Execution of Contract (Purchasing and Sales) Processes
Management of Goods / Services Production and Operation Processes
Conducting Occupational Health and Safety Processes
Managing of Internal/External Audit Processes
Managing of Ethics and Investigative Activities

Your personal data shall be transferred to the necessary institutions and organizations in order to fulfill the obligations towards the law and related parties (partners, suppliers, customers, employees, etc.). Some of these institutions and organizations are: SGK, İŞKUR, compulsory private pension, public institutions and organizations, insurance companies, health institutions, financial (banks, etc.) institutions, catering, car rental and operator companies.

Other than this, your personal data shall be transferred as clearly state under the laws to public institutions (Police Department, Presidential Departments, Ministries etc.) for specified purposes in the necessary case and conditions.

Your personal data will not be transferred to any person, institution or organization and abroad unless there is a legal obligation case.

Your personal data that you share with us are collected in written, verbal or electronic media by automatic or non-automatic methods.

Legal Obligations:

Personal Data Protection Law No. 6698
Labour Act No. 4857
Occupational Health and Safety Act No. 6331
Social Insurance and General Health Insurance Act No. 5510
Turkish Code of Obligations Act No. 6098
Legitimate Interests of the Data Controller
Fulfilling the Legal Obligation of the Data Controller
Regulation of Archive Services

Your personal data is stored electronically, physical or mixed form of both ways. We are responsible for preventing unauthorized access to the medium where the data is stored, ensuring that it is not lost, stolen or damaged. Against possible violations, all necessary administrative and technical precautions are taken by our administration.

The person who wants to execute his/her rights regarding the personal data, first must contact us directly.

According to the article 11 (1) of Personal Data Protection Law, you have the following rights regarding your personal data :

To learn whether his/her personal data is processed or not,
Requesting information on personal data if it has been processed,
To learn the purpose of the processing his/her personal data whether these personal data are used in compliance with the purpose,
To learn if the personal data is shared to the third parties and to whom is transferred within the country or abroad,
To request the rectification of the incomplete or inaccurate data, if exists,
To request the deletion or destruction of his/her personal data under the condition of article 7,
To request information regarding the third parties to whom the personal data is transferred and to be notified about the actions performed under the sub-paragraphs (e) and (f),
To object to the occurrence of a result against the person himself/herself by analysing the data processed solely through automated systems,
To claim compensation for damages arising from the unlawful processing of his/her personal data.

You could visit our website to check your rights under Article 11 or to request for anonymization of your data. According to the “Report on the Principles and Procedures for the Request for Data Controller” you must fill in the Application Form (form F114) available at CENK A.Ş website.

You could always send it in written form to our Address or send via e-mail to the e-mail address through specified details in below :

Address:	CENK Endüstri Tesisleri İmalat ve Taahhüt A.Ş Gürsel Mah. İmrahor Cd. No:7, 34400 Kâğıthane/İstanbul
Contact person:	Sinan DİZAR
Phone Number:	(0212) 295 5153
Website:	www.cenk.com.tr
E-mail:	[email protected]
KEP Address:	[email protected]

Application Form Download

The requested information regarding your rights indicated in the article 11 of the Turkish Law number 6698 and according to the article 13 and the article 5, should be delivered to us by filling the below form of the Report On Data Controller for The Principles and Procedures For This Request. This request shall be responded within 30 days from the notice in accordance with the article 13 of the Law numbered 6698.

Documents confirming the identity of the applicant must be submitted.

If these documents are not verified, there will be no positive feedback.

APPLICATION METHOD	EXPLANATION
Online/Website www.cenk.com.tr	The below application form could be filled in on the website CENK A.Ş. The identity of the applicant will be confirmed with the two-factor authentication.
Application by Mail Address: CENK Endüstri Tesisleri İmalat ve Taahhüt A.Ş Gürsel mahallesi İmrahor Cd. No:7, 34400 Kâğıthane/İstanbul	For the application, is necessary the signature of the state notarized declaration or any legal receipt confirming the address and identity of the applicant together with the below application form and must be filled and signed with a wet signature.
Application by E-Mailing [email protected]	The application could be made by sending an e-mail to the official e-mail address of CENK A.Ş. with the filled application form below, any legal receipt etc. that confirms the address and identity of the applicant.
Application with Electronic Signature via KEP	The person concerned can apply with the following application form signed with a digital signature via his or her KEP address.

IDENTITY AND CONTACT INFORMATION
Name
Surname
Phone Number
Mobile Phone Number
T.C. ID Number/Passport No
E-Mail
KEP Address
Eligible Settlement Address for Notification

APPLICATION INFORMATION

Application/ Request Description

(We kindly ask you to express your request in detail below and under the PDP Laws.

Please provide the information and documents related to the subject with the letter of application.)

Notifying Method for the response

(Form of Return)

Personally KEP Mailing Address E-mail

Applicant (Personal Data Owner)

Name Surname :

Application Date :

Signature :

PDP

Corporate

ABOUT US

MEDIA

CERTIFICATES

QUALITY TERMS

PDP

R & D

VIDEO CLIPS

CATALOGS

DOCUMENTS